Does SSSD use the fallback sudoRunAs attribute for sudo rules configured in LDAP?

Solution Unverified - Updated -

Issue

  • I would like to change the default behavior when the sudoRunAsUser mapping is not present in SSSD. Sudo (v1.8) via LDAP works with both the sudoRunAs and sudoRunAsUser attributes.
  • A sudo role will be executable as root if the sudoRunAs / sudoRunAsUser attribute is not present in the sudo role; this behavior is by design (man page SUDOERS.LDAP(8)).
  • Sudo via LDAP can handle both the sudoRunAs and sudoRunAsUser attributes, but sudo via SSSD can only handle the sudoRunAsUser attribute.

Environment

  • Red Hat Enterprise Linux (RHEL) 6.4
  • Super User Do (sudo) 1.8
  • System Security Services Daemon (SSSD) 1.9.2
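
An added example, not part of the original article and not code from sudo or SSSD: a small audit that reads an LDIF export of sudoRole entries and flags rules that carry only the older sudoRunAs attribute (which, per the issue above, sudo via SSSD does not handle) or no run-as attribute at all (which run as root by design). The sample LDIF is constructed, and the status labels `ok`, `legacy-only` and `no-runas` are hypothetical names chosen for this example.

```python
import base64

# Constructed sample export of sudoRole entries (illustrative, not from the article).
SAMPLE_LDIF = """\
dn: cn=backup,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: backup
sudoCommand: /usr/bin/rsync
sudoRunAs: backup

dn: cn=dbadmin,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: dbadmin
sudoCommand: /usr/bin/psql
sudoRunAsUser: postgres

dn: cn=restart,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: restart
sudoCommand: /sbin/service httpd
  restart
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit_runas(text):
    """Map each sudoRole (by cn) to 'ok', 'legacy-only' or 'no-runas'."""
    report = {}
    for e in parse_ldif(text):
        if "sudorole" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        status = ("ok" if "sudorunasuser" in e else
                  "legacy-only" if "sudorunas" in e else "no-runas")
        report[e.get("cn", e.get("dn", ["?"]))[0]] = status
    return report

if __name__ == "__main__": print(audit_runas(SAMPLE_LDIF))
```

Entries reported as `legacy-only` are the ones to review before moving sudo rule lookups from LDAP to SSSD, since their intended target user is expressed only in the attribute the article says SSSD does not read.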
