similar to: Overriding a file without causing duplicate definitions

Hi all! I'm attempting to configure sudo rights from Samba ldap. Alas, libsssd_samba receives 0 rules and config doesn't work. I think I have the problem identified here but I don't understand why. The way sssd_sudo searches for sudoers leave all important attributes out and of course filtering then fails. Can you help me to understand why following search results are so different (and

Hi, I'm having hard time getting sssd_sudo to work: when sssd_sudo accesses Samba ldap with host principal 'dc1$@teemu.local' it can't read necessary attributes like objectclass: sudoRole. When accessing as Administrator all attributes are shown. How can I enable other users then Administrator to access sudoers' attributes? Below is an example. [root at dc1 var]# kinit

Hello list, I took another stab at finding a way to add a sudo user remotely and it gets you most of the way there. If you execute the script as root it works beautifully and does just what you want. Which is add the user to the group and gives that user group rights to certain commands. But if you execute it as a user who only has sudo access to the /etc/sudoers file it errors out. cloud:~]

I took your suggestion and turned my (ill advised) sudoers bash script into an expect script! It works a lot better this way and is more secure. Because I'm not trying to store a password in a script (which I recognize as a bad idea anyway, I I think I've learned my lesson here). It really works well. But the only thing I'm still trying to figure out is how to put a if statement in

so I have this sudo module that I''ve been working on: class auth::sudo { package { sudo: ensure => installed } file { sudo_config: name => "/tmp/sudoers", owner => "root", group => "root", mode => 0440, notify => Exec["sudoers-syntax"], source => [

I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my

Hi, I have a DC on samba 4.17.12 I want store sudoers in LDAP, and use sssd for get rules from LDAP. I was configured sssd.conf [sssd] config_file_version = 2 services = nss, pam, sudo user = _sssd domains = TEST.ALT [nss] [sudo] [pam] [domain/TEST.TLD] dyndns_update = true id_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad default_shell = /bin/bash

On Fri, 24 Nov 2023 13:30:13 +0500 Anton Shevtsov via samba <samba at lists.samba.org> wrote: > Hi, > > I have a DC on samba 4.17.12 > > I want store sudoers in LDAP, and use sssd for get rules from LDAP. > > I was configured sssd.conf > > [sssd] > config_file_version = 2 > services = nss, pam, sudo > user = _sssd > domains = TEST.ALT > >

Hey Gordon, Sorry, man my bad! Disabling the tty requirement for my sudo user does indeed work. I had a type-o in the sudoers file, and when I corrected it, my sudo command via pssh started working! #pssh -i -h es_list "/bin/sudo /bin/systemctl restart elasticsearch; sleep 10" [1] 20:31:32 [SUCCESS] bluethundr at es3.jokefire.com Stderr: sudo: sorry, you must have a tty to run sudo

Hello CentOS I am having a bit of trouble importing an ldif into openldap, tho the syntax looks a-ok to me. I am attempting to import my sudoers list into my ldap configuration and I used an application called sudoers2ldif to generate the ldif. I used the following command to import the file: ============================================= [root at bluethundr-desktop:~/txt/ldif ] $:ldapadd -h

24.11.2023 14:57, Rowland Penny via samba ?????: > On Fri, 24 Nov 2023 13:30:13 +0500 > Anton Shevtsov via samba<samba at lists.samba.org> wrote: > >> Hi, >> >> I have a DC on samba 4.17.12 >> >> I want store sudoers in LDAP, and use sssd for get rules from LDAP. >> >> I was configured sssd.conf >> >> [sssd] >>

Today I was testing Puppet''s fileserver feature and and error came up: client> /usr/sbin/puppetd --test --verbose --server puppet info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run notice: //Node[default]/sudo/Package[sudo]/ensure: created err: //Node[default]/sudo/File[/etc/sudoers]: Failed to retrieve current state of resource: No specified source

Hi I''m having some trouble with the following setup: node ''serverA'' inherits server-defaults { include myApp::install } node ''server-defaults'' inherits default { $sudoenv = ''custom_server'' } node default { $sudoenv = ''default'' include sudoers::config } class sudoers::config { file {

I''ve just installed express b28 on my system. After installing, I decided to move /opt to a zfs pool home/opt. After installing Blastwave''s latest sudo, I did my usual edits of sudoers. When I attempted to execute sudo ls to test things I got this: rtfm:/opt/csw/etc:>sudo ls sudo: /opt/csw/etc/sudoers is owned by gid 1, should be 0 But /opt/csw/etc/sudoers permissions

Hi all! I''m trying to setup a puppet module for sudo that will write multiple files with separate data for each file, all dependent on the hiera hierarchy. Here''s the relevant portion of my hiera.yaml: > :hierarchy: > > - "datacenter/app/role/node/%{::clientcert}" > > - "datacenter/app/role/%{::server_role}" > > -

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using sudo back to

Hi, I''m trying to use several sources to pick from in a remotefile statement: remotefile { "/etc/sudoers": mode => 0440, source => [ "config/apps/sudo/sudoers.${host}", "config/apps/sudo/sudoers" ], sourceselect => first } But it doesn''t seem to work. I get an error like this: "File source

I followed the setup instructions from http://www.owlriver.com/tips/non-root/ (link from the Centos wiki). All this is done on another 'clean' system, so I have to read the terminal screen there and tell what went wrong here. I then followed my colleague's instructions to get the tar, untar, autogen, configure, and finally make rpm. Well it was that make rpm command that finally

Hello, Consider two following cases: 1. On production systems on television stations, a sysadmin give teens (remaja group, age 13 and older) full administrator privileges by adding this line to sudoers: %remaja ALL=(ALL:ALL) ALL Rationale: Almost all programs on the system can only be run by teens as root. 2. On production systems on tobacco factories, a sysadmin also give adults (age 18

# cat /proc/sys/kernel/ngroups_max 65536 # sysctl kernel.ngroups_max kernel.ngroups_max = 65536 Is there a way to change/look at AUTH_SYS? Seems I have 28 groups now as my user I tried created a test user with much less groups but it turns out it is on all those other groups. As such I tried winbind nested groups=no but this doesn't seem to change anything. On Tue, Dec 8, 2015 at 5:05