-
Story
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
Medium
-
rhel-idm-sssd
-
ssg_security
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
All
-
None
-
57,005
1. Proposed title of this feature request
Enhance sudoers to allow setup rights to group based on "AND" boolean expression
2. Who is the customer behind the request?
Account: 1154492 - Capability Acquisition and Sustainment Group
TAM customer: No
CSM customer: No
Strategic: yes
3. What is the nature and description of the request?
Customer want to enhance sudoers to allow setup rights to group based on "AND" boolean expression.
e.g.
They want to be able to configure a sudoers file so that a particular set of rights is granted to someone If And Only If they are a member of both of two groups, where membership of just one but not the other is not sufficient.
For example, suppose that there are 2 groups ("developers", "team_leaders")
Although rights can be setup based on an OR basis ("developers" OR "team_leaders"),
but cannot be setup rights based on an AND basis ("developers" AND "team_leaders")
In support ticket, we already explained to customer that they can simple create another group that belonging to both groups (e.g. "devel_leaders"), but customer did not accept this.
4. Why does the customer need this? (List the business requirements here)
Answered by customer as below:
"Already explained, at least in principle - I'm sure that you will understand that I cannot go into details about how we actually implement user and groups accesses in our internal systems, and in any case I do not think that doing so would add value.
Anyway, this is an obvious thing for the sudoers to have. I was amazed to find that such an established piece of software didn't already have it."
5. How would the customer like to achieve this? (List the functional requirements here)
N/A
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
N/A
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
No
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL8, RHEL9)?
Answered by customer as below:
"I don't see any reason why this couldn't be done for RHEL 8."
9. Is the sales team involved in this request and do they have any additional input?
No
10. List any affected packages or components.
sudo
11. Would the customer be able to assist in testing this functionality if implemented?
Yes
- account is impacted by
-
-
- Closed
-
- external trackers
