Regras de SUDO

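A regra linuxadm_sudo, criada nos comandos abaixo, permite que os membros do grupo de usuários linuxadm executem qualquer comando, como qualquer usuário ou grupo, em qualquer host. Como todas as categorias da regra estão definidas como "all", pertencer ao grupo linuxadm equivale a ter acesso root em todos os hosts gerenciados pelo IPA; a inclusão de membros nesse grupo deve, portanto, ser restrita e revisada periodicamente.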

[root@sp-spo-ipa:~]# ipa group-add --desc='Linux Administrator' linuxadm
----------------------
Added group "linuxadm"
----------------------
  Group name: linuxadm
  Description: Linux Administrator
  GID: 703600011
[root@sp-spo-ipa:~]# ipa group-add-member linuxadm --users=wairisson.gomes --users=gean.martins
  Group name: linuxadm
  Description: Linux Administrator
  GID: 703600011
  Member users: wairisson.gomes, gean.martins
-------------------------
Number of members added 2
-------------------------
[root@sp-spo-ipa:~]# ipa sudorule-add linuxadm_sudo --hostcat=all --runasusercat=all --runasgroupcat=all --cmdcat=all
-------------------------------
Added Sudo Rule "linuxadm_sudo"
-------------------------------
  Rule name: linuxadm_sudo
  Enabled: TRUE
  Host category: all
  Command category: all
  RunAs User category: all
  RunAs Group category: all
[root@sp-spo-ipa:~]# ipa sudorule-add-user linuxadm_sudo --group linuxadm
  Rule name: linuxadm_sudo
  Enabled: TRUE
  Host category: all
  Command category: all
  RunAs User category: all
  RunAs Group category: all
  User Groups: linuxadm
-------------------------
Number of members added 1
-------------------------
[root@sp-spo-ipa:~]# ipa group-show linuxadm
  Group name: linuxadm
  Description: Linux Administrator
  GID: 703600011
  Member users: wairisson.gomes, gean.martins
  Member of Sudo rule: linuxadm_sudo
[root@sp-spo-ipa:~]# ipa group-show linuxadm --all
  dn: cn=linuxadm,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br
  Group name: linuxadm
  Description: Linux Administrator
  GID: 703600011
  Member users: wairisson.gomes, gean.martins
  Member of Sudo rule: linuxadm_sudo
  ipauniqueid: 6d01956a-9524-11ea-b810-000c29ad9330
  objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup
[root@sp-spo-ipa:~]# ipa group-show linuxadm --all --raw
  dn: cn=linuxadm,cn=groups,cn=accounts,dc=juntotelecom,dc=com,dc=br
  cn: linuxadm
  description: Linux Administrator
  gidnumber: 703600011
  member: uid=wairisson.gomes,cn=users,cn=accounts,dc=juntotelecom,dc=com,dc=br
  member: uid=gean.martins,cn=users,cn=accounts,dc=juntotelecom,dc=com,dc=br
  ipaUniqueID: 6d01956a-9524-11ea-b810-000c29ad9330
  memberof: ipaUniqueID=7beff9ae-9524-11ea-83ae-000c29ad9330,cn=sudorules,cn=sudo,dc=juntotelecom,dc=com,dc=br
  objectClass: top
  objectClass: groupofnames
  objectClass: nestedgroup
  objectClass: ipausergroup
  objectClass: ipaobject
  objectClass: posixgroup