sudo configuration, any command which will be governed by sudo access must be listed in the configuration. Identity Management adds an extra control measure with sudo command groups, which allow a group of commands to be defined and then applied to the sudo configuration as one.
sudo rule; simply adding a command does not automatically include it in a sudo rule.


Add the command using the sudocmd-add command. This requires the full, local path to the command executable and a description of the command:
$ ipa sudocmd-add --desc "description" /local/path/to/command
$ ipa sudocmd-add --desc 'For reading log files' '/usr/bin/less'
----------------------------------
Added sudo command "/usr/bin/less"
----------------------------------
  sudo Command: /usr/bin/less
  Description: For reading log files





Create the command group using the sudocmdgroup-add command:
$ ipa sudocmdgroup-add --desc 'File editing commands' files
-----------------------------------
Added sudo command group "files"
-----------------------------------
  sudo Command Group: files
  Description: File editing commands
Add a command using the sudocmd-add command:
$ ipa sudocmd-add --desc 'For editing files' '/usr/bin/vim'
----------------------------------
Added sudo command "/usr/bin/vim"
----------------------------------
  sudo Command: /usr/bin/vim
  Description: For editing files
Add the command to the group using the sudocmdgroup-add-member command:
$ ipa sudocmdgroup-add-member --sudocmds '/usr/bin/vim' files
  sudo Command Group: files
  Description: File editing commands
  Member sudo commands: /usr/bin/vim
-------------------------
Number of members added 1
-------------------------
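
The three steps above can be checked before anything is sent to the server. The following script is an added example, not part of the Identity Management documentation: it prints the ipa commands for one command group as a plan to review, and only if every path passes. The function names, the rule that rejects paths containing "..", and the list of programs flagged for review are assumptions of this example; like the commands above, the plan does not attach the group to any sudo rule.

```shell
#!/bin/sh
# Added example (not from the IdM documentation): print a reviewable plan of
# ipa commands for one sudo command group after checking every path.

# Constructed, non-exhaustive list of programs that can start a shell from
# inside (see "Preventing shell escapes" in sudoers(5)).
SHELL_ESCAPE_CMDS="less more vi vim view man"

# Quote a value for safe reuse on a shell command line.
shq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# check_sudocmd_path PATH: 0 = ok, 1 = not a full path, 2 = has a ".." part
check_sudocmd_path() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$1" in */../*|*/..) return 2 ;; esac
    return 0
}

# has_shell_escape CMD: 0 if the executable's basename is on the list above
has_shell_escape() (
    cmd=${1%% *}                      # drop any arguments after the path
    for c in $SHELL_ESCAPE_CMDS; do
        if [ "${cmd##*/}" = "$c" ]; then exit 0; fi
    done
    exit 1
)

# plan_sudocmd_group GROUP GROUP_DESC PATH DESC [PATH DESC]...
# Prints the plan on stdout only if every entry passes; notes go to stderr.
plan_sudocmd_group() (
    group=$1
    plan="ipa sudocmdgroup-add --desc $(shq "$2") $(shq "$group")"
    shift 2
    while [ "$#" -ge 2 ]; do
        check_sudocmd_path "$1" || { echo "rejected: $1" >&2; exit 1; }
        if has_shell_escape "$1"; then
            echo "review: $1 can start a shell as the run-as user" >&2
        fi
        plan="$plan
ipa sudocmd-add --desc $(shq "$2") $(shq "$1")
ipa sudocmdgroup-add-member --sudocmds $(shq "$1") $(shq "$group")"
        shift 2
    done
    [ "$#" -eq 0 ] || { echo "missing description for: $1" >&2; exit 1; }
    printf '%s\n' "$plan"
)
```

Source the file and call, for example, plan_sudocmd_group files 'File editing commands' /usr/bin/vim 'For editing files'; once the plan and any review notes have been read, the printed lines can be run on an enrolled host with a valid administrator ticket.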