Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Ipa sudorule all commands

It was not the most clear to me how to write a sudo rule with "ALL" as the command set. I'm sure this was documented somewhere offline or on the Internet. Here's my cheat sheet for next time.

To grant user3 full sudo access on host server2:

ipa sudorule-add 'user3-server2-root'
ipa sudorule-add-host 'user3-server2-root' --hosts server2
ipa sudorule-add-user 'user3-server2-root' --users 'user3'
ipa sudorule-add-runasuser 'user3-server2-root' --users 'root'
ipa sudorule-mod 'user3-server2-root' --cmdcat='all'
ipa sudorule-add-option 'user3-server2-root' --sudooption '!authenticate'

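The key piece is --cmdcat, which is short for command category. Setting it to 'all' is the equivalent of "ALL" in sudoers, so no specific commands need to be listed. The '!authenticate' option on the last line lets user3 run sudo without a password prompt; leave that command out if the rule should still require one.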
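A review-side check for rules like the one above, as an added example that is not from the original post: it lists enabled rules whose command category is "all" and marks the ones that carry !authenticate. It assumes the "Label: value" layout printed by `ipa sudorule-find --all`; the sample rules (including ops-restart-httpd and user4) are constructed.

```shell
#!/bin/sh
# Added example: flag IPA sudo rules that grant the "all" command category.
# Assumption: input uses the "Label: value" layout of `ipa sudorule-find --all`;
# the field labels matched below follow that layout.

# Constructed sample output (not captured from a real server).
sample_rules() {
cat <<'EOF'
  Rule name: user3-server2-root
  Enabled: TRUE
  Command category: all
  Users: user3
  Hosts: server2
  RunAs External User: root
  Sudo Option: !authenticate

  Rule name: ops-restart-httpd
  Enabled: TRUE
  Users: user4
  Hosts: server2
  Sudo Allow Commands: /usr/bin/systemctl restart httpd
EOF
}

# Print one line per enabled rule whose command category is "all":
#   <rule> users=<..> hosts=<..> auth=<password|NOPASSWD>
audit_sudorules() {
  awk -F': ' '
    function emit() {
      if (name != "" && cmdcat == "all" && enabled == "TRUE")
        printf "%s users=%s hosts=%s auth=%s\n", name, users, hosts, auth
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim; fields are re-split
    $1 == "Rule name" { emit(); name = $2; cmdcat = ""; enabled = ""
                        users = "-"; hosts = "-"; auth = "password"; next }
    $1 == "Enabled"          { enabled = $2 }
    $1 == "Command category" { cmdcat = $2 }
    $1 == "Users"            { users = $2 }
    $1 == "Hosts"            { hosts = $2 }
    $1 == "Host category"    { hosts = "ALL" }
    $1 == "Sudo Option" && index($0, "!authenticate") > 0 { auth = "NOPASSWD" }
    END { emit() }
  '
}

# Real use, with a valid Kerberos ticket: ipa sudorule-find --all | audit_sudorules
sample_rules | audit_sudorules
```

Rules that show up with auth=NOPASSWD are the ones to review first, since they combine every command with no password prompt.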
