-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipa_sudorule; cmdgroup and runas functionality #64837
Conversation
The test
|
Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.
For further information, please see: |
SUMMARY
Extends ipa_sudorule module with
cmdgroup
param; This allows referencing a command group created with ipa_sudocmdgroup.runasuser
paramrunasgroupofuser
paramrunasgroup
paramFixes the changed logic for
cmd
to correctly report when the list changes.Enhances the parameter descriptions with mutually exclusive details.
ISSUE TYPE
COMPONENT NAME
ipa_sudorule
ADDITIONAL INFORMATION
It's possible to add individual sudo cmds to a sudo rule, or a command group:
ipa sudorule-add-allow-command has 2 sub parameters,
sudocmd
andsudocmdgroup
. This extends the module to add support for the second parameter, and makes the first more explicit.See also https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/defining-sudorules
It's possible to specify whether a user may sudo as another user, or group - using runasuser (either entered individually or via groups) or and runasgroup.