Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

30.4. Adding sudo Commands, Command Groups, and Rules

30.4.1. Adding sudo Commands
Copy link

Adding sudo Commands in the Web UI

  1. Under the Policy tab, click Sudo Sudo Commands.
  2. Click Add at the top of the list.
  3. Fill out the information about the command. Enter the full system path to the command executable.

    Figure 30.1. Adding a New sudo Command

    Adding a New sudo Command
    View larger image
    Adding a New sudo Command
  4. Click Add. Alternatively, click Add and Add Another to start adding another entry or Add and Edit to start editing the new entry.

Adding sudo Commands from the Command Line

To add a sudo command, use the ipa sudocmd-add command. Provide the full system path to the command executable. For example, to add the /usr/bin/less command and a description: 
$ ipa sudocmd-add /usr/bin/less --desc="For reading log files"
----------------------------------
Added sudo command "/usr/bin/less"
----------------------------------
  sudo Command: /usr/bin/less
  Description: For reading log files
Copy to Clipboard Toggle word wrap

30.4.2. Adding sudo Command Groups
Copy link

Adding sudo Command Groups in the Web UI

  1. Under the Policy tab, click Sudo Sudo Command Groups.
  2. Click Add at the top of the list.
  3. Fill out the information about the command group.

    Figure 30.2. Adding a New sudo Command Group

    Adding a New sudo Command Group
    View larger image
    Adding a New sudo Command Group
  4. Click Add and Edit to start editing the command group.
  5. Under the Sudo Commands tab, click Add to add a sudo command to the group. Select the required commands and move them to the Prospective column using the > button.

    Figure 30.3. Adding Commands to a sudo Command Group

    Adding Commands to a sudo Command Group
    View larger image
    Adding Commands to a sudo Command Group
  6. Click Add.

Adding sudo Command Groups from the Command Line

  1. Create the command group using the ipa sudocmdgroup-add command. For example, to create the files command group and add its description: 
    $ ipa sudocmdgroup-add files --desc="File editing commands"
-----------------------------------
Added sudo command group "files"
-----------------------------------
  sudo Command Group: files
  Description: File editing commands
    Copy to Clipboard Toggle word wrap
  2. Include a sudo command in the group using the ipa sudocmdgroup-add-member command. Note that you can only include commands that have already been added to IdM, as described in Section 30.4.1, “Adding sudo Commands”. 
    $ ipa sudocmdgroup-add-member files --sudocmds "/usr/bin/vim"
  sudo Command Group: files
  Description: File editing commands
  Member sudo commands: /usr/bin/vim
-------------------------
Number of members added 1
-------------------------
    Copy to Clipboard Toggle word wrap

30.4.3. Adding sudo Rules
Copy link

Adding sudo Rules in the Web UI

  1. Under the Policy tab, click Sudo Sudo Rules.
  2. Click Add at the top of the list.
  3. Enter the name for the rule.

    Figure 30.4. Naming a New sudo Rule

    Naming a New sudo Rule
    View larger image
    Naming a New sudo Rule
  4. Click Add. Alternatively, click Add and Add Another to start adding another entry or Add and Edit to start editing the new entry.
For information on how to edit the new sudo rule, see Section 30.6, “Modifying sudo Rules”.

Adding sudo Rules from the Command Line

To add a new sudo rule, use the ipa sudorule-add command. For example, to add a rule named files-commands: 
$ ipa sudorule-add files-commands
--------------------------------
Added Sudo Rule "files-commands"
--------------------------------
  Rule name: files-commands
  Enabled: TRUE
Copy to Clipboard Toggle word wrap
For more information on using ipa sudorule-add and the options it accepts, run the command with the --help option added.
For information on how to edit the new sudo rule, see Section 30.6, “Modifying sudo Rules”.
For a complete example of adding a new sudo rule and editing it from the command line, see Example 30.1, “Adding and Modifying a New sudo Rule from the Command Line”.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat