sudo doesn't work on IPA clients/hosts if default host-group "ipaservers" is specified in sudo rule.
Issue
sudo
doesn't work on IPA clients if default host-group ipaservers is specified in sudo rule.sudo
fails on IPA clients if sudo-rule is applied on default host-group ipaservers:
[root@ipaserver ~]# ipa sudorule-show testsudo
Rule name: testsudo
Enabled: TRUE
Command category: all
User Groups: testgroup
Host Groups: ipaservers <-----
[root@ipaclient ~]# id testuser
uid=100001(testuser) gid=100001(testuser) goups=100001(testuser),100011(testgroup)
[root@ipaclient ~]# sudo -ll -U testuser
User testuser is not allowed to run sudo on ipaclient. <-----
Environment
- Red Hat Enterprise Linux 7.x
- IPA 4.x
- sudo
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.