Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
30.4. Adding sudo Commands, Command Groups, and Rules
30.4.1. Adding sudo Commands
Adding sudo Commands in the Web UI
- Under the Policy tab, click
. - Click at the top of the list.
- Fill out the information about the command. Enter the full system path to the command executable.
Figure 30.1. Adding a New
sudoCommand
- Click . Alternatively, click to start adding another entry or to start editing the new entry.
Adding sudo Commands from the Command Line
To add a
sudo command, use the ipa sudocmd-add command. Provide the full system path to the command executable. For example, to add the /usr/bin/less command and a description:
$ ipa sudocmd-add /usr/bin/less --desc="For reading log files" ---------------------------------- Added sudo command "/usr/bin/less" ---------------------------------- sudo Command: /usr/bin/less Description: For reading log files
30.4.2. Adding sudo Command Groups
Adding sudo Command Groups in the Web UI
- Under the Policy tab, click
. - Click at the top of the list.
- Fill out the information about the command group.
Figure 30.2. Adding a New
sudoCommand Group
- Click to start editing the command group.
- Under the Sudo Commands tab, click to add a
sudocommand to the group. Select the required commands and move them to the Prospective column using the button.Figure 30.3. Adding Commands to a
sudoCommand Group
- Click .
Adding sudo Command Groups from the Command Line
- Create the command group using the ipa sudocmdgroup-add command. For example, to create the
filescommand group and add its description:$ ipa sudocmdgroup-add files --desc="File editing commands" ----------------------------------- Added sudo command group "files" ----------------------------------- sudo Command Group: files Description: File editing commands
- Include a
sudocommand in the group using the ipa sudocmdgroup-add-member command. Note that you can only include commands that have already been added to IdM, as described in Section 30.4.1, “AddingsudoCommands”.$ ipa sudocmdgroup-add-member files --sudocmds "/usr/bin/vim" sudo Command Group: files Description: File editing commands Member sudo commands: /usr/bin/vim ------------------------- Number of members added 1 -------------------------
30.4.3. Adding sudo Rules
Adding sudo Rules in the Web UI
- Under the Policy tab, click
. - Click at the top of the list.
- Enter the name for the rule.
Figure 30.4. Naming a New
sudoRule
- Click . Alternatively, click to start adding another entry or to start editing the new entry.
For information on how to edit the new
sudo rule, see Section 30.6, “Modifying sudo Rules”.
Adding sudo Rules from the Command Line
To add a new
sudo rule, use the ipa sudorule-add command. For example, to add a rule named files-commands:
$ ipa sudorule-add files-commands -------------------------------- Added Sudo Rule "files-commands" -------------------------------- Rule name: files-commands Enabled: TRUE
For more information on using ipa sudorule-add and the options it accepts, run the command with the
--help option added.
For information on how to edit the new
sudo rule, see Section 30.6, “Modifying sudo Rules”.
For a complete example of adding a new
sudo rule and editing it from the command line, see Example 30.1, “Adding and Modifying a New sudo Rule from the Command Line”.
