LDAP - sudoers and the nopasswd flag - How can I set some commands for wheelgroup without password?

 
Posted 03-19-2016

Hello,

We have used LDAP with sudoers for about 4 years. It works fine. But we have one problem with members of the admin group (wheel). These users can run every command with sudo using their private password. But when they are also members of another special group, like sysadmin:
Sysadmin is allowed to use the commands systemctl, reboot, shutdown, and a couple of other commands without a password.
They must nevertheless always enter their password.

The goal is that admins who are in the wheel group and are also members of some other sudo groups can execute their commands without a password. Is this possible in LDAP?

Here is some config:

Code:
cn=defaults
dn              cn=defaults,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn              defaults
description     sudoOption's
objectClass     sudoRole
sudoOption      !root_sudo
                !lecture
                log_host
                log_year
                ignore_dot
                passwd_tries=3
                timestamp_timeout=5
                passwd_timeout=1
                authenticate
                ignore_local_sudoers

cn=%wheel
dn              cn=%wheel,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn              %wheel
description     Superadmingroup
objectClass     sudoRole
sudoCommand     ALL
sudoHost        ALL
sudoUser        %wheel

cn=portage
dn              cn=portage,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
cn              portage
description     Mitglieder können auf allen Gentoos die Paketverwaltung bedienen.
objectClass     sudoRole
sudoCommand     /usr/bin/emerge
                /usr/bin/eix
                /usr/bin/revdep-rebuild
sudoHost        ALL
sudoOption      !authenticate
sudoUser        %portage


The important option here is !authenticate. With this I can say "execute command without password".

Thanks a lot for helping!
Best Regards

Last edited by Scrutinizer; 03-19-2016 at 01:43 PM.. Reason: Changed noparse to code tags
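
Added example, not part of the original post: the sudoers.ldap manual states that sudoRole entries have no inherent order and that, when several entries match, the one with the highest sudoOrder is chosen (a missing sudoOrder counts as 0). Assuming the directory's sudo schema defines the sudoOrder attribute, this LDIF ranks the restricted !authenticate role from the post above the catch-all %wheel role; the order values are constructed.

```ldif
# Added example. The DNs are the ones shown in the post; the sudoOrder
# values (10 and 20) are constructed for illustration.
# Assumption: the sudo schema loaded in the directory defines sudoOrder.

# Catch-all role for wheel: lowest order. It still matches every command,
# and the global "authenticate" default keeps the password prompt for
# anything not covered by a higher-ordered role.
dn: cn=%wheel,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
changetype: modify
replace: sudoOrder
sudoOrder: 10
-

# Restricted role that carries "sudoOption: !authenticate": higher order.
# For a user who is in both wheel and portage, both roles match
# /usr/bin/emerge; the role with the highest sudoOrder is the one chosen,
# so its !authenticate option applies to the listed commands only.
dn: cn=portage,ou=SUDOers,ou=Anwendungen,dc=osit,dc=cc
changetype: modify
replace: sudoOrder
sudoOrder: 20
-
```

Every other role that grants commands with !authenticate needs an order above the %wheel role in the same way. Running `sudo -l` as a user who is in both groups shows which entries sudo matched.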
