Ping a Specific Port

Question

dawud

Asked: 2013-04-16 02:33:43 +0800 CST2013-04-16 02:33:43 +0800 CST 2013-04-16 02:33:43 +0800 CST

How to create a sudorule in freeIPA for the sudoedit builtin

772

Currently, when I want to grant some group of users access to edit a file, I proceed as follows:


ipa sudocmd-add --desc=Vi IMproved default-mode, no-exec, no-suspend mode' '/usr/bin/rvim'
ipa sudocmdgroup-add edition --desc='commands for restricted edition'
ipa sudocmdgroup-add-member edition --sudocmds=/usr/bin/rvim
ipa sudorule-add edition-4-operators --desc='Operator access to restricted edition commands'
ipa sudorule-add-allow-command edition-4-operators --sudocmdgroups=edition

and then the rest of the options related to HBAC, SELinux, etc.

I want to replace /usr/bin/rvim with the builtin sudoedit(8) in all sudorules of my freeIPA server.

Do I need to declare sudoedit as a sudocmd as usual? Can I directly add sudoedit to the sudocmdgroup without declaring it as a sudocmd previously?

1 Answers

Voted

dawud · Answer 1 · 2013-04-17T04:25:12+08:00

This is the way to do it (actually, a practical example):


#  ipa sudocmd-add --desc='sudoedit configuration file of IPv4 packet filtering and NAT' 'sudoedit /etc/sysconfig/iptables'
--------------------------------------------------------------
Added Sudo Command "sudoedit /etc/sysconfig/iptables"
--------------------------------------------------------------
  Sudo Command: sudoedit /etc/sysconfig/iptables
  Description: sudoedit configuration file of IPv4 packet filtering and NAT

#  ipa sudocmdgroup-add-member networking --sudocmds='sudoedit /etc/sysconfig/iptables'
  Sudo Command Group: networking
  Description: commands for network configuration and troubleshooting
  Member Sudo commands: sudoedit /etc/sysconfig/iptables
-------------------------
Number of members added 1
-------------------------

Being sudoedit a sudo builtin

# ls -lrt /usr/bin/sudoedit
lrwxrwxrwx. 1 root root 4 Apr  8 09:00 /usr/bin/sudoedit -> sudo*

trying to add the sudorule using /usr/bin/sudoedit will fail with this error:

$ sudo -e /etc/sysconfig/iptables
Sorry, user joe is not allowed to execute 'sudoedit /etc/sysconfig/iptables' as root on host.domain.com.

Works correctly for both sudo -e and sudoedit.

How to create a sudorule in freeIPA for the sudoedit builtin

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?