Chapter 30. Using sudo


Identity Management provides a mechanism for predictably and consistently applying sudo policies across the IdM domain. Every system in the IdM domain can be configured as a sudo client.

30.1. The sudo Utility in Identity Management

The sudo utility gives administrative access to specified users. When trusted users precede an administrative command with sudo, they are prompted for their own password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user. For more information about sudo, see the System Administrator's Guide.

30.1.1. The Identity Management LDAP Schema for sudo

IdM has a specialized LDAP schema for sudo entries. The schema supports:
  • Host groups as well as netgroups. Note that sudo only supports netgroups.
  • sudo command groups, which contain multiple commands.
Note
Because sudo does not support host groups or command groups, IdM translates the IdM sudo configuration into the native sudo configuration when the sudo rules are created. For example, IdM creates a corresponding shadow netgroup for every host group, which allows the IdM administrator to create sudo rules that reference host groups, while the local sudo command uses the corresponding netgroup.
By default, the sudo information is not available anonymously over LDAP. Therefore, IdM defines a default sudo user at uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX. You can change this user in the LDAP sudo configuration file at /etc/sudo-ldap.conf.

30.1.2. NIS Domain Name Requirements

The NIS domain name must be set for netgroups and sudo to work properly. The sudo configuration requires NIS-formatted netgroups and a NIS domain name for netgroups. However, IdM does not require the NIS domain to actually exist. It is also not required to have a NIS server installed.
Note
The ipa-client-install utility sets a NIS domain name automatically to the IdM domain name by default.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.