https://bugzilla.redhat.com/show_bug.cgi?id=746056
Description of problem: There is no way to add root or any external user as a RunAs User for a Sudo Rule. Use case- Add a Sudo Command - to see httpd error logs. Then add a rule to run this command. Want to assign only root to be able to run the command and check the logs. But unable to add root as external RunAs user for this rule Version-Release number of selected component (if applicable): ipa-server-2.1.2-2.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add a sudo command - cat /var/log/httpd/error_log 2. Add a sudo rule, allow the command added above 3. Add root in As whom section - for RunAs. Actual results: There is no way to add an external user Expected results: It should be possible to set up root or an external user to run this command Additional info:
Martin, Petr. It is possible that this is a framework issue being exposed by the UI, I'm not sure.
It's UI error. There isn't interface for adding external user. In CLI external RunAs user can be added by:
ipa sudorule-add-runasuser rulename --users=externaluser Rule name: rulename Enabled: TRUE RunAs External User: externaluser
master: 1e53914
ipa-2-1: f3a5d48
Metadata Update from @rcritten: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 2.1.4 (bug fixing)
Login to comment on this ticket.