FreeIPA - Allow ipa user su to root
Posted: 2018/07/18 04:58:30
Hi all,
I'm a FreeIPA newbie and I have some foolish questions. I tried Google but I can't find what I want, so I hope you can help me.
My environment:
IPA server: ipa001.mydomain.com, CentOS Linux release 7.4.1708 (Core)
IPA client: a CentOS Linux release 7.4.1708 (Core) server: server01.mydomain.com
I'm trying to create a sudo rule that allows IPA user jack.chuong to switch to root on IPA client server01.mydomain.com (jack.chuong can ssh to server01.mydomain.com already) by entering jack.chuong's password.
This is my sudo rule
Please give me some advice on what I should edit to make it work. Thank you very much.
Code:
login as: jack.chuong
Using keyboard-interactive authentication.
Password:
Last login: Wed Jul 18 11:36:53 2018 from 192.168.6.191
[jack.chuong@server01.mydomain.com ~]$ sudo su
[sudo] password for jack.chuong:
Sorry, try again.
[sudo] password for jack.chuong:
Code:
ipa sudorule-show --all
Rule name: sudo su
dn: ipaUniqueID=6e1ae25a-8a3e-11e8-bd6d-000c2966ff86,cn=sudorules,cn=sudo,dc=mydomain,dc=com
Rule name: sudo su
Enabled: TRUE
Users: jack.chuong
Hosts: server01.mydomain.com
Sudo Allow Commands: /usr/bin/su
ipauniqueid: 6e1ae25a-8a3e-11e8-bd6d-000c2966ff86
objectclass: ipaassociation, ipasudorule