search for: sudoer

Hi all! I'm attempting to configure sudo rights from Samba ldap. Alas, libsssd_samba receives 0 rules and config doesn't work. I think I have the problem identified here but I don't understand why. The way sssd_sudo searches for sudoers leave all important attributes out and of course filtering then fails. Can you help me to understand why following search results are so different (and how to fix it)? [root at dc1 var]# kinit administrator at TEEMU.LOCAL Password for administrator at TEEMU.LOCAL: Warning: Your password will expi...

...rd time getting sssd_sudo to work: when sssd_sudo accesses Samba ldap with host principal 'dc1$@teemu.local' it can't read necessary attributes like objectclass: sudoRole. When accessing as Administrator all attributes are shown. How can I enable other users then Administrator to access sudoers' attributes? Below is an example. [root at dc1 var]# kinit administrator at TEEMU.LOCAL Password for administrator at TEEMU.LOCAL: Warning: Your password will expire in 35 days on Wed Aug 6 22:20:25 2014 [root at dc1 var]# ldapsearch -h dc1 -Y GSSAPI -b ou=SUDOers,dc=teemu,dc=local SASL/GSS...

...do user remotely and it gets you most of the way there. If you execute the script as root it works beautifully and does just what you want. Which is add the user to the group and gives that user group rights to certain commands. But if you execute it as a user who only has sudo access to the /etc/sudoers file it errors out. cloud:~] bluethundr% ./add_sudo.sh reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN ATTEMPT! [sudo] password for bluethundr: Sorry, try again. [sudo] password for bluethundr: Sorry, try again. [sudo] password for bluethundr: Sorry, try again. sudo: 3 i...

Hello everybody! How can i create with puppet following sudoers file: User_Alias CENTREON=apache,nagios CENTREON ALL = NOPASSWD: /etc/init.d/nagios* restart CENTREON ALL = NOPASSWD: /etc/init.d/nagios* reload CENTREON ALL = NOPASSWD: /usr/bin/nagios* -v * The problem that augeas create only last line, replacing previous one. -- You received this...

I took your suggestion and turned my (ill advised) sudoers bash script into an expect script! It works a lot better this way and is more secure. Because I'm not trying to store a password in a script (which I recognize as a bad idea anyway, I I think I've learned my lesson here). It really works well. But the only thing I'm still trying to f...

...trouble with the following setup: node ''serverA'' inherits server-defaults { include myApp::install } node ''server-defaults'' inherits default { $sudoenv = ''custom_server'' } node default { $sudoenv = ''default'' include sudoers::config } class sudoers::config { file { "/etc/sudoers": ensure => file, owner => "root", group => "root", mode => 440, source => "puppet:///modules/sudoers/sudoers_ $sudoenv", } } I have then created to files: sudoer...

I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my sudoers file I have this line #includedir "/etc/sudoers.d" It seems that line...

...datacenter/app/role/node/%{::clientcert}" > > - "datacenter/app/role/%{::server_role}" > > - "datacenter/app/%{::app_name}" > > - "datacenter/%{::datacenter}" > > - common > > Basically, a node can have different files in /etc/sudoers.d/ depending on the structure above. I want each sudoers definition to be in it''s own file in /etc/sudoers.d/. Here''s how I have my data files laid out (yaml): common.yaml: > sudoers: > > - filename: app1_sudo > > - contents: | > > %...

so I have this sudo module that I''ve been working on: class auth::sudo { package { sudo: ensure => installed } file { sudo_config: name => "/tmp/sudoers", owner => "root", group => "root", mode => 0440, notify => Exec["sudoers-syntax"], source => [ "puppet:///auth/sudo/${fqdn}/sudoers", "puppet:///auth/sudo/sudo...

Hi, I have a DC on samba 4.17.12 I want store sudoers in LDAP, and use sssd for get rules from LDAP. I was configured sssd.conf [sssd] config_file_version = 2 services = nss, pam, sudo user = _sssd domains = TEST.ALT [nss] [sudo] [pam] [domain/TEST.TLD] dyndns_update = true id_provider = ad auth_provider = ad chpass_provider = ad access_provider...

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using s...

...o download the files directly from the fileserver of the puppetmaster. So far i couldn''t get it to work. I don''t know if i got the URL right, i did not find any examples on the REST API documentation for the fileserver. for example if the file is /etc/puppet/manifests/files/sudo/sudoers fileserver.conf: [files] path /etc/puppet/manifests/files allow 127.0.0.1 allow *.bar to what path would this translate? https://foo.bar:8140/file_content/sudo/sudoers https://bli.bla:8140/file_content/files/sudo/sudoers Greetings Andy -- You received this message because you are subscr...

On Fri, 24 Nov 2023 13:30:13 +0500 Anton Shevtsov via samba <samba at lists.samba.org> wrote: > Hi, > > I have a DC on samba 4.17.12 > > I want store sudoers in LDAP, and use sssd for get rules from LDAP. > > I was configured sssd.conf > > [sssd] > config_file_version = 2 > services = nss, pam, sudo > user = _sssd > domains = TEST.ALT > > [nss] > [sudo] > [pam] > > [domain/TEST.TLD] > dyndns_update = tru...

...there and tell what went wrong here. I then followed my colleague's instructions to get the tar, untar, autogen, configure, and finally make rpm. Well it was that make rpm command that finally failed. And sudo was the problem. I got a message something like: Assuming that you are in /etc/sudoers!!!! And then asked for a password. Which password? My userid or root's? I tried both and after 3 tries got: me is not in sudoers file. This incident will be reported. removing '/home/me/rpmbuild/BUILD/hipl--main--2.6/hipl-1.0.4' So I look at /etc/sudoers and do not understand wh...

24.11.2023 14:57, Rowland Penny via samba ?????: > On Fri, 24 Nov 2023 13:30:13 +0500 > Anton Shevtsov via samba<samba at lists.samba.org> wrote: > >> Hi, >> >> I have a DC on samba 4.17.12 >> >> I want store sudoers in LDAP, and use sssd for get rules from LDAP. >> >> I was configured sssd.conf >> >> [sssd] >> config_file_version = 2 >> services = nss, pam, sudo >> user = _sssd >> domains = TEST.ALT >> >> [nss] >> [sudo] >> [pam] >>...

I''ve just installed express b28 on my system. After installing, I decided to move /opt to a zfs pool home/opt. After installing Blastwave''s latest sudo, I did my usual edits of sudoers. When I attempted to execute sudo ls to test things I got this: rtfm:/opt/csw/etc:>sudo ls sudo: /opt/csw/etc/sudoers is owned by gid 1, should be 0 But /opt/csw/etc/sudoers permissions and ownership are correct: -r--r----- 1 root other 641 Dec 9 17:45 sudoers The only thing...

Hello folks. I''ve got a problem that I can''t work out the solution to. My base workstation node definition says essentially: node base-workstation { file { etc-sudoers: name => "/etc/sudoers", ... } } This works fine, all of our workstations get a standardised sudoers file. However, I have one user on a workstation who needs a specialised sudoers file. If I define that file inside of the node definition, I get a duplicate definition error,...

...p to 16 or less groups. > > Regards, > > Matt > > ------------------------------ > *From:* Jeff Sadowski <jeff.sadowski at gmail.com> > *Sent:* Tuesday, December 8, 2015 4:59 PM > *To:* Mattias Zhabinskiy; samba > *Subject:* Re: [Samba] Adding an AD group to /etc/sudoers? > > # id username|sed "s/,/\n/g"|wc -l > 155 > > # id|sed "s/,/\n/g"|wc -l > 28 > > > On Tue, Dec 8, 2015 at 2:56 PM, Jeff Sadowski <jeff.sadowski at gmail.com> > wrote: > >> wbinfo -r username >> shows the gid of it >>...

Hey Gordon, Sorry, man my bad! Disabling the tty requirement for my sudo user does indeed work. I had a type-o in the sudoers file, and when I corrected it, my sudo command via pssh started working! #pssh -i -h es_list "/bin/sudo /bin/systemctl restart elasticsearch; sleep 10" [1] 20:31:32 [SUCCESS] bluethundr at es3.jokefire.com Stderr: sudo: sorry, you must have a tty to run sudo [2] 20:31:32 [SUCCESS] blue...

On Thu, 21 Apr 2016, John Gardeniers wrote: > Good news, I now have this working. Once I finish writing my notes I'll make > them available to whoever might want them. Good to hear. I tried to get his working by following some of the online docs and the sudoers docs, and never did get it to work. It'd be great if someone could put this up on the Samba wiki when it's published too.