Does SSSD use the fallback sudoRunAs attribute for sudo rules configured in LDAP?
Issue
- I would like to change the default behavior when the sudoRunAsUser mapping is not present in SSSD. Sudo (v1.8) via LDAP works with both the sudoRunAs and sudoRunAsUser attributes.
- A sudo role will be executable as root if the sudoRunAs / sudoRunAsUser attribute is not present in the sudo role; this behavior is by design (man page SUDOERS.LDAP(8)).
- Sudo via LDAP can handle both the sudoRunAs and sudoRunAsUser attributes, but sudo via SSSD can only handle the sudoRunAsUser attribute.
Environment
- Red Hat Enterprise Linux (RHEL) 6.4
- Super User Do (sudo) 1.8
- System Security Services Daemon (SSSD) 1.9.2
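To find the roles affected by the Issue above, the following added example (not part of the original article or of sudo/SSSD) audits an LDIF export of the sudoers container. It flags roles that carry only the legacy sudoRunAs attribute, which per the Issue sudo via SSSD does not handle, and roles with no run-as attribute at all, which run as root by design. The sample entries, DNs and the `parse_ldif` / `audit` names are constructed for illustration.

```python
# Constructed sample LDIF (not from the article): three sudoRole entries.
SAMPLE_LDIF = """\
dn: cn=dba,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: dba
sudoUser: alice
sudoCommand: /usr/bin/psql
sudoRunAs: postgres

dn: cn=web,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: web
sudoUser: bob
sudoCommand: /sbin/service httpd restart
sudoRunAsUser: apache

dn: cn=ops,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: ops
sudoUser: carol
sudoCommand: ALL
"""

def parse_ldif(text):
    """Return entries as {lowercased attr: [values]}; base64 ('::') values stay encoded."""
    entries = []
    # A line starting with one space continues the previous line; blank lines split entries.
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(text):
    """Map role cn -> 'legacy-only' (sudoRunAs without sudoRunAsUser) or 'no-runas'."""
    findings = {}
    for e in parse_ldif(text):
        is_role = "sudorole" in [v.lower() for v in e.get("objectclass", [])]
        if is_role and "sudorunasuser" not in e:
            name = e.get("cn", ["?"])[0]
            findings[name] = "legacy-only" if "sudorunas" in e else "no-runas"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Roles reported as `legacy-only` are the ones to review first: their intended run-as user is set only in the attribute that SSSD, per the Issue, does not read.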
