30.2. sudo Rules in Identity Management

download PDF
Using sudo rules, you can define who can do what, where, and as whom.
  • Who are the users allowed to use sudo.
  • What are the commands that can be used with sudo.
  • Where are the target hosts on which the users are allowed to use sudo.
  • As whom is the system or other user identity which the users assume to perform tasks.

30.2.1. External Users and Hosts in sudo Rules

IdM accepts external entities in sudo rules. External entities are entities that are stored outside of the IdM domain, such as users or hosts that are not part of the IdM domain.
For example, you can use sudo rules to grant root access to a member of the IT group in IdM, where the root user is not a user defined in the IdM domain. Or, for another example, administrators can block access to certain hosts that are on a network but are not part of the IdM domain.

30.2.2. User Group Support for sudo Rules

You can use sudo to give access to whole user groups in IdM. IdM supports both Unix and non-POSIX groups. Note that creating non-POSIX groups can cause access problems because any users in a non-POSIX group inherit non-POSIX permissions from the group.

30.2.3. Support for sudoers Options

IdM supports sudoers options. For a complete list of the available sudoers options, see the sudoers(5) man page.
Note that IdM does not allow white spaces or line breaks in sudoers options. Therefore, instead of supplying multiple options in a comma-separated list, add them separately. For example, to add two sudoers options from the command line:
$ ipa sudorule-add-option sudo_rule_name
Sudo Option: first_option
$ ipa sudorule-add-option sudo_rule_name
Sudo Option: second_option
Similarly, make sure to supply long options on one line. For example, from the command line:
$ ipa sudorule-add-option sudo_rule_name
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.