主页
产品
Red Hat Enterprise Linux
10
Managing IdM users, groups, hosts, and access control rules
8.4. Granting sudo access to an IdM user on an IdM client using the IdM Web UI

8.4. Granting sudo access to an IdM user on an IdM client using the IdM Web UI

In Identity Management (IdM), you can grant sudo access for a specific command to an IdM user account on a specific IdM host. First, add a sudo command and then create a sudo rule for one or more commands.

Complete this procedure to create the idm_user_reboot sudo rule to grant the idm_user account the permission to run the /usr/sbin/reboot command on the idmclient machine.

Prerequisites

You are logged in as IdM administrator.
You have created a user account for idm_user in IdM and unlocked the account by creating a password for the user. For details on adding a new IdM user using the command line, see Adding users using the command line.
No local idm_user account is present on the idmclient host. The idm_user user is not listed in the local /etc/passwd file.

Procedure

Add the /usr/sbin/reboot command to the IdM database of sudo commands:
1. Navigate to Policy Sudo Sudo Commands.
2. Click Add in the upper right corner to open the Add sudo command dialog box.
3. Enter the command you want the user to be able to perform using sudo: /usr/sbin/reboot.
4. Click Add.
Use the new sudo command entry to create a sudo rule to allow idm_user to reboot the idmclient machine:
1. Navigate to Policy Sudo Sudo rules.
2. Click Add in the upper right corner to open the Add sudo rule dialog box.
3. Enter the name of the sudo rule: idm_user_reboot.
4. Click Add and Edit.
5. Specify the user:
  1. In the Who section, check the Specified Users and Groups radio button.
  2. In the User category the rule applies to subsection, click Add to open the Add users into sudo rule "idm_user_reboot" dialog box.
  3. In the Add users into sudo rule "idm_user_reboot" dialog box in the Available column, check the idm_user checkbox, and move it to the Prospective column.
  4. Click Add.
6. Specify the host:
  1. In the Access this host section, check the Specified Hosts and Groups radio button.
  2. In the Host category this rule applies to subsection, click Add to open the Add hosts into sudo rule "idm_user_reboot" dialog box.
  3. In the Add hosts into sudo rule "idm_user_reboot" dialog box in the Available column, check the idmclient.idm.example.com checkbox, and move it to the Prospective column.
  4. Click Add.
7. Specify the commands:
  1. In the Command category the rule applies to subsection of the Run Commands section, check the Specified Commands and Groups radio button.
  2. In the Sudo Allow Commands subsection, click Add to open the Add allow sudo commands into sudo rule "idm_user_reboot" dialog box.
  3. In the Add allow sudo commands into sudo rule "idm_user_reboot" dialog box in the Available column, check the /usr/sbin/reboot checkbox, and move it to the Prospective column.
  4. Click Add to return to the idm_sudo_reboot page.
  图 8.1. Adding IdM sudo rule
8. Click Save in the top left corner.
  The new rule is enabled by default.
注意
Propagating the changes from the server to the client can take a few minutes.

Verification

Log in to idmclient as idm_user.
Reboot the machine using sudo. Enter the password for idm_user when prompted:
```
$ sudo /usr/sbin/reboot
[sudo] password for idm_user:
```

If the sudo rule is configured correctly, the machine reboots.

8.4. Granting sudo access to an IdM user on an IdM client using the IdM Web UI

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links