LDAP - sudoers and the nopasswd flag - How can I set some commands for the wheel group without a password?

#1  darktux, 03-19-2016

Hello Linux

We have used LDAP with sudoers for about 4 years. It works fine. But we have one problem with members of the admin group (wheel). These users can do every command with sudo and with their private password. But when they are also members of another special group, like sysadmin:
Sysadmin is allowed to use the commands systemctl, reboot, shutdown, and a couple of other commands without a password.
They must nevertheless always enter their password.

The goal is that admins who are in the wheel group and are also members of some other sudo groups can execute their commands without a password. Is this possible in LDAP?

Here is some config:


Code:
cn=defaults
dn            cn=defaults,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn            defaults
description   sudoOption's
objectClass   sudoRole
sudoOption    !root_sudo
              !lecture
              log_host
              log_year
              ignore_dot
              passwd_tries=3
              timestamp_timeout=5
              passwd_timeout=1
              authenticate
              ignore_local_sudoers

cn=%wheel
dn            cn=%wheel,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn            %wheel
description   Superadmingroup
objectClass   sudoRole
sudoCommand   ALL
sudoHost      ALL
sudoUser      %wheel

cn=portage
dn            cn=portage,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn            portage
description   Mitglieder können auf allen Gentoos die Paketverwaltung bedienen.
objectClass   sudoRole
sudoCommand   /usr/bin/emerge
              /usr/bin/eix
              /usr/bin/revdep-rebuild
sudoHost      ALL
sudoOption    !authenticate
sudoUser      %portage


The important option here is !authenticate. With this I can say "execute command without password".

Thanks a lot for helping!
Best Regards

Last edited by Scrutinizer; 03-19-2016 at 01:43 PM.. Reason: Changed noparse to code tags
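
An added example, not part of the original post: a small Python audit of sudoRole entries that lists the roles carrying `!authenticate` and flags those whose commands are also covered by a password-requiring role with the same `sudoOrder`, the case where sudoers.ldap(5) says matching entries have no inherent order. The LDIF is an abridged, constructed transcription of the listing above; the function names are hypothetical, the global default is assumed to be `authenticate` as in the post, and host, negation and wildcard matching are not modelled.

```python
# Added example, not from the post: audit sudoRole entries for passwordless grants.
BASE = "ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc"
# Constructed sample: abridged LDIF transcription of the listing in the post.
SAMPLE_LDIF = f"""\
dn: cn=defaults,{BASE}
cn: defaults
sudoOption: authenticate

dn: cn=%wheel,{BASE}
cn: %wheel
sudoUser: %wheel
sudoCommand: ALL

dn: cn=portage,{BASE}
cn: portage
sudoUser: %portage
sudoCommand: /usr/bin/emerge
sudoCommand: /usr/bin/eix
sudoOption: !authenticate
"""

def parse_ldif(text):
    """Parse unwrapped, non-base64 LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def nopasswd(entry):
    return "!authenticate" in entry.get("sudoOption", [])

def order(entry):
    return float(entry.get("sudoOrder", ["0"])[0])  # absent sudoOrder counts as 0

def audit(entries):
    """Return (passwordless grants by role, overlaps not separated by sudoOrder)."""
    roles = [e for e in entries if e["cn"] != ["defaults"]]
    grants = {e["cn"][0]: e["sudoCommand"] for e in roles if nopasswd(e)}
    overlaps = []
    for free in filter(nopasswd, roles):
        for strict in (e for e in roles if not nopasswd(e)):
            a, b = free["sudoCommand"], strict["sudoCommand"]
            if ("ALL" in a + b or set(a) & set(b)) and order(free) == order(strict):
                overlaps.append((free["cn"][0], strict["cn"][0]))
    return grants, overlaps
```

Each pair in `overlaps` names a passwordless role and a password-requiring role that both match the same command for a user in both groups; per sudoers.ldap(5), the entry with the highest `sudoOrder` is chosen when several match.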