> On 20 Apr 2018, at 14:53, Dominik George <dominik.geo...@teckids.org> wrote:
> 
> Hi,
> 
>>>    (root) ALL
>>> 
>>> …even if I add sudoRunAsUser: ALL explicitly.
>>> 
>>> I already tried wiping the sss cache, with no success.
>> 
>> I'm sorry, but what should the desired output be here?
> 
> (ALL) ALL
> 
> -nik

Ah, I see what you mean now, but I can’t reproduce the problem. I have an entry 
that in the cache looks like this:

dn: name=admin_all,cn=sudorules,cn=custom,cn=ipa.test,cn=sysdb
cn: admin_all
dataExpireTimestamp: 1524480254
name: admin_all
objectClass: sudoRule
sudoCommand: ALL
sudoHost: ALL
sudoRunAsUser: ALL
sudoUser: ad...@ipa.test
distinguishedName: name=admin_all,cn=sudorules,cn=custom,cn=ipa.test,cn=sysdb

Then sudo output gives me:
User admin may run the following commands on unidirect:
    (root) /usr/bin/systemctl
    (ALL) ALL

The systemctl allowed command comes from another rule, but I do get the (all) 
all from the admin_all rule. What does your rule look like in the cache if you 
run:
ldbsearch -H /var/lib/sss/db/cache_$yourdomain.ldb objectclass=sudorule

> 
> -- 
> Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
> Teckids e.V. - Erkunden, Entdecken, Erfinden.
> https://www.teckids.org/
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
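
Added example, not part of the original thread and not SSSD code: a way to check which run-as specification each cached rule should yield before comparing it with `sudo -l`. It parses LDIF in the shape `ldbsearch` prints; the sample records, the `svc_restart` rule and all function names are constructed for illustration, and only sudoRunAsUser is considered (not sudoRunAsGroup).

```python
# Added example: summarise sudoRule entries from `ldbsearch` LDIF output.
# SAMPLE is constructed; record 1 mirrors the entry quoted in the thread.
SAMPLE = """\
# record 1
dn: name=admin_all,cn=sudorules,cn=custom,cn=ipa.test,cn=sysdb
cn: admin_all
objectClass: sudoRule
sudoCommand: ALL
sudoRunAsUser: ALL

# record 2
dn: name=svc_restart,cn=sudorules,cn=custom,cn=ipa.test,
 cn=sysdb
cn: svc_restart
objectClass: sudoRule
sudoCommand: /usr/bin/systemctl

# returned 2 records
"""

def parse_ldif(text):
    """Return one {attr: [values]} dict per record (base64 '::' values not decoded)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # unfold an LDIF continuation line
        else:
            lines.append(raw)
    records, cur = [], {}
    for line in lines + [""]:
        if not line.strip() or line.startswith("#"):
            if cur:  # a blank line or comment ends the current record
                records.append(cur)
                cur = {}
            continue
        key, _, value = line.partition(": ")
        cur.setdefault(key.lower(), []).append(value)
    return records

def runas_summary(rule):
    """Approximate the `sudo -l` line; no sudoRunAsUser means runas_default (root)."""
    users = rule.get("sudorunasuser") or ["root"]
    return "(%s) %s" % (", ".join(users), ", ".join(rule.get("sudocommand", [])))

def audit(text):
    """Map each sudoRule's cn to its run-as summary."""
    return {r["cn"][0]: runas_summary(r) for r in parse_ldif(text)
            if "sudoRule" in r.get("objectclass", [])}
```

A rule that shows `(root)` here has no sudoRunAsUser value in the cache, so the attribute was lost before sudo evaluated the rule.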