> On 20 Apr 2018, at 14:53, Dominik George <dominik.geo...@teckids.org> wrote:
>
> Hi,
>
>>> (root) ALL
>>>
>>> …even if I add sudoRunAsUser: ALL explicitly.
>>>
>>> I already tried wiping the sss cache, with no success.
>>
>> I'm sorry, but what should the desired output be here?
>
> ()ALL) ALL
>
> -nik

Ah, I see what you mean now, but I can’t reproduce the problem. I have an entry that in the cache looks like this:

    n: name=admin_all,cn=sudorules,cn=custom,cn=ipa.test,cn=sysdb
    cn: admin_all
    dataExpireTimestamp: 1524480254
    name: admin_all
    objectClass: sudoRule
    sudoCommand: ALL
    sudoHost: ALL
    sudoRunAsUser: ALL
    sudoUser: ad...@ipa.test
    distinguishedName: name=admin_all,cn=sudorules,cn=custom,cn=ipa.test,cn=sysdb

Then sudo output gives me:

    User admin may run the following commands on unidirect:
        (root) /usr/bin/systemctl
        (ALL) ALL

The systemctl allowed command comes from another rule, but I do get the (all) all from the admin_all rule.

What does your rule look like in the cache if you run:

    ldbsearch -H /var/lib/sss/db/cache_$yourdomain.ldb objectclass=sudorule

>
> --
> Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
> Teckids e.V. - Erkunden, Entdecken, Erfinden.
> https://www.teckids.org/
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
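
Added example, not part of the original message and not SSSD code: a shell function that reads the output of the ldbsearch command above and lists each cached sudoRule with its sudoRunAsUser value, so a rule that reached the cache without that attribute stands out. The function names, the sample records (constructed, modelled on the entry quoted above) and the "(unset)" marker are assumptions for this illustration; base64-encoded ("::") values are not decoded.

```shell
#!/bin/sh
# Usage on a real cache (command taken from the message above):
#   ldbsearch -H /var/lib/sss/db/cache_$yourdomain.ldb objectclass=sudorule | sudo_runas_summary

# Print "<rule cn><TAB><sudoRunAsUser values>" for every sudoRule record on stdin.
# "(unset)" means the cached rule has no sudoRunAsUser attribute at all, in which
# case sudo uses its default run-as user (root unless configured otherwise).
sudo_runas_summary() {
    awk '
    function emit() {
        if (is_rule) printf "%s\t%s\n", cn, (runas == "" ? "(unset)" : runas)
        cn = ""; runas = ""; is_rule = 0
    }
    /^#/        { next }            # ldbsearch "# record N" comments
    /^[ \t]*$/  { emit(); next }    # a blank line ends an LDIF record
    /^ /        { next }            # folded continuation lines are ignored
    {
        i = index($0, ":")
        if (i == 0) next
        key = tolower(substr($0, 1, i - 1))   # attribute names are case-insensitive
        val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
        if (key == "cn") cn = val
        else if (key == "objectclass" && tolower(val) == "sudorule") is_rule = 1
        else if (key == "sudorunasuser") runas = (runas == "" ? val : runas "," val)
    }
    END { emit() }                  # last record has no trailing blank line
    '
}

# Constructed sample input: one rule with sudoRunAsUser, one without.
sample_ldif() {
cat <<'EOF'
# record 1
dn: name=admin_all,cn=sudorules,cn=custom,cn=ipa.test,cn=sysdb
cn: admin_all
objectClass: sudoRule
sudoCommand: ALL
sudoHost: ALL
sudoRunAsUser: ALL
sudoUser: admin@example.test

# record 2
dn: name=systemctl_only,cn=sudorules,cn=custom,cn=ipa.test,cn=sysdb
cn: systemctl_only
objectClass: sudoRule
sudoCommand: /usr/bin/systemctl
sudoHost: ALL
sudoUser: admin@example.test
EOF
}

sample_ldif | sudo_runas_summary
```

If a rule that carries sudoRunAsUser on the directory server shows "(unset)" here, the attribute was lost before it reached the SSSD cache rather than inside sudo itself.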