Ce contenu n'est pas disponible dans la langue sélectionnée.
30.2. sudo Rules in Identity Management
Using
sudo
rules, you can define who can do what, where, and as whom.
- Who are the users allowed to use
sudo
. - What are the commands that can be used with
sudo
. - Where are the target hosts on which the users are allowed to use
sudo
. - As whom is the system or other user identity which the users assume to perform tasks.
30.2.1. External Users and Hosts in sudo
Rules
IdM accepts external entities in
sudo
rules. External entities are entities that are stored outside of the IdM domain, such as users or hosts that are not part of the IdM domain.
For example, you can use
sudo
rules to grant root access to a member of the IT group in IdM, where the root user is not a user defined in the IdM domain. Or, for another example, administrators can block access to certain hosts that are on a network but are not part of the IdM domain.
30.2.2. User Group Support for sudo
Rules
You can use
sudo
to give access to whole user groups in IdM. IdM supports both Unix and non-POSIX groups. Note that creating non-POSIX groups can cause access problems because any users in a non-POSIX group inherit non-POSIX permissions from the group.
30.2.3. Support for sudoers
Options
IdM supports
sudoers
options. For a complete list of the available sudoers
options, see the sudoers(5) man page.
Note that IdM does not allow white spaces or line breaks in
sudoers
options. Therefore, instead of supplying multiple options in a comma-separated list, add them separately. For example, to add two sudoers
options from the command line:
$ ipa sudorule-add-option sudo_rule_name Sudo Option: first_option $ ipa sudorule-add-option sudo_rule_name Sudo Option: second_option
Similarly, make sure to supply long options on one line. For example, from the command line:
$ ipa sudorule-add-option sudo_rule_name Sudo Option: env_keep="COLORS DISPLAY EDITOR HOSTNAME HISTSIZE INPUTRC KDEDIR LESSSECURE LS_COLORS MAIL PATH PS1 PS2 XAUTHORITY"