Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-19130

[ansible-freeipa] ipasudorule: Allow setting groups for runasuser.

    • ansible-freeipa-1.12.1-1.el9
    • None
    • None
    • 1
    • rhel-sst-idm-ipa
    • ssg_idm
    • 24
    • 25
    • 1
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • 2024-Q1-Alpha-S4
    • Enhancement
    • Hide
      .The `runasuser_group` parameter is now available in `ansible-freeipa` `ipasudorule`

      With this update, you can set Groups of RunAs Users for a `sudo` rule by using the `ansible-freeipa ipasudorule` module. The option is already available in the Identity{nbsp}Management (IdM) command-line interface and the IdM Web UI.
      Show
      .The `runasuser_group` parameter is now available in `ansible-freeipa` `ipasudorule` With this update, you can set Groups of RunAs Users for a `sudo` rule by using the `ansible-freeipa ipasudorule` module. The option is already available in the Identity{nbsp}Management (IdM) command-line interface and the IdM Web UI.
    • Done
    • None

      Cloned from https://github.com/freeipa/ansible-freeipa/issues/898

      IPA/IdM WebUI shows the following for sudo rule:

      As Whom
      RunAs User category the rule applies to
      RunAs Users
      Groups of RunAs Users

      RunAs Group category the rule applies to
      RunAs Groups

      It looks like currently one can set RunAs Users and RunAs Groups but not Groups of RunAs Users with ipasudorule.py.

      I have no use case for this currently but filing for completeness sake so probably low priority item. Thanks.

              rjeffman@redhat.com Rafael Jeffman
              twoerner Thomas Woerner
              Thomas Woerner Thomas Woerner
              Varun Mylaraiah Varun Mylaraiah
              Filip Hanzelka Filip Hanzelka
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: