Hi All

Is there any way of defining usermod with FDS? Let's say that I am user "siggi" and I need to give him rights to log in as user "test". Is that possible with FDS?

Regards
Siggi

That has nothing to do with FDS, you can use su or sudo.

Sigurður Bjarnason <siggi@betware.com>
Sent by: fedora-directory-users-bounces@redhat.com
05/05/2008 12:33 p.m.
Please respond to: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
To: "Fedora-directory-users@redhat.com" <Fedora-directory-users@redhat.com>
Subject: [Fedora-directory-users] Usermod
Classification: Internal use

There is a schema for sudo entries, look at http://fci.wikia.com/wiki/Setting_Up_A_Centralised_Authentication_Server_With_Sudo_Access_Using_LDAP

You have to modify the given schema to be compatible with fds (a script exists to convert schema):

# cat 77sudo.ldif
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser'
  DESC 'User(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
################################################################################
#
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost'
  DESC 'Host(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
################################################################################
#
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand'
  DESC 'Command(s) to be executed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
################################################################################
#
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs'
  DESC 'User(s) impersonated by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
################################################################################
#
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption'
  DESC 'Options(s) followed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
################################################################################
#
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole'
  DESC 'Sudoer Entries'
  SUP top STRUCTURAL
  MUST ( cn )
  MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) )
#
################################################################################
#

Thanks... I have however SUDO schema for LDAP already. But I can't seem to figure out how to allow certain users to log in as other users.. :( Should I just allow the users to do su - ... but then they can log in as root also, right?

This is my sudo schema:

dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser'
  DESC 'User(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost'
  DESC 'Host(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand'
  DESC 'Command(s) to be executed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs'
  DESC 'User(s) impersonated by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption'
  DESC 'Options(s) followed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole'
  SUP top STRUCTURAL
  DESC 'Sudoer Entries'
  MUST ( cn )
  MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description )
  X-ORIGIN 'SUDO' )

Regards
Siggi

From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of FAUCONNIER Valery AWL-IT
Sent: 7 May 2008 06:31
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Usermod

Did you recompile sudo with the --with-ldap flag?

-----Original Message-----
From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Sigurður Bjarnason
Sent: Thursday 8 May 2008 15:48
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Usermod
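
As an added illustration of the question asked in this thread (not part of any poster's message): a sudoRole entry, built from the schema attributes quoted above, that lets siggi act as test without being able to become root. The base DN dc=example,dc=com, the ou=SUDOers container, the role name and the /bin/su path are placeholders, and the client's sudo is assumed to be built with LDAP support and pointed at this container through sudoers_base in its LDAP configuration.

```ldif
# Constructed example. dc=example,dc=com, ou=SUDOers and the role name
# are placeholders; replace them with the suffix your directory uses.

# Container that sudo searches for sudoRole entries.
dn: ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

# Scoped role: siggi may run any command, but only as user "test".
# sudoRunAs names the only target account this role allows.
dn: cn=siggi-as-test,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: siggi-as-test
description: Let siggi act as test without access to root
sudoUser: siggi
sudoHost: ALL
sudoRunAs: test
sudoCommand: ALL

# Weak form, shown for contrast and left commented out. With no sudoRunAs
# the target defaults to root, so running su through sudo lets siggi
# switch to any account, root included.
#
# dn: cn=siggi-su,ou=SUDOers,dc=example,dc=com
# objectClass: top
# objectClass: sudoRole
# cn: siggi-su
# sudoUser: siggi
# sudoHost: ALL
# sudoCommand: /bin/su
```

With the scoped role loaded, siggi opens a login shell as test with `sudo -u test -i` and authenticates with his own password; a request to run as root is refused as long as no other role or local sudoers rule grants it.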