Unix/Linux Go Back    

UNIX and Linux Applications Discuss UNIX and Linux software applications. This includes SQL, Databases, Middleware, MOM, SOA, EDA, CEP, BI, BPM and similar topics.

LDAP - sudoers and the nopasswd flag - How can i set some commands for wheelgroup without password?

UNIX and Linux Applications

Thread Tools Search this Thread Display Modes
Old Unix and Linux 03-19-2016   -   Original Discussion by darktux
darktux's Unix or Linux Image
darktux darktux is offline
Registered User
Join Date: Oct 2012
Last Activity: 8 June 2017, 5:09 AM EDT
Location: Austria
Posts: 17
Thanks: 0
Thanked 1 Time in 1 Post
LDAP - sudoers and the nopasswd flag - How can i set some commands for wheelgroup without password?

Hello Linux

we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin:
Sysadmin is allowed to use the commands, systemctl, reboot, shutdown, and a couple of other commands without password.
They must nevertheless always enter their password.

The goal is that admins they are in the wheelgroup and also members from some other sudogroups, they can execute there commands without password. Is this possible in LDAP?

Here some config:

dn	                cn=defaults,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn	                defaults
description 	sudoOption's
objectClass	sudoRole
sudoOption	!root_sudo

dn	               cn=%wheel,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn	               %wheel
description 	Superadmingroup
objectClass	sudoRole
sudoCommand	ALL
sudoHost	        ALL
sudoUser	        %wheel

dn	                cn=portage,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn	                portage
description 	Mitglieder können auf allen Gentoos die Paketverwaltung bedienen.
objectClass	sudoRole
sudoCommand	/usr/bin/emerge
sudoHost	        ALL
sudoOption	!authenticate
sudoUser	        %portage

The importand option here is !authenticate. With this i can say "execute command without password".

Thanks a lot for helping!
Best Regards

Last edited by Scrutinizer; 03-19-2016 at 12:43 PM.. Reason: Changed noparse to code tags
Sponsored Links

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
changing which password is prompted for in sudoers thmnetwork Red Hat 0 10-12-2012 08:11 AM
How to configure sudoers in order to hide some sudo commands. fefafefa Linux 0 04-28-2012 07:16 PM
Problems Hooking Sudoers into PAM/LDAP bluethundr UNIX and Linux Applications 2 11-10-2010 11:33 AM
Set FLAG in MAils from UNIX Gaurav Goyal Shell Programming and Scripting 1 03-05-2010 01:35 PM
sudoers file with groups in LDAP em23 Solaris 6 11-13-2008 11:10 PM

All times are GMT -4. The time now is 02:23 AM.