Bug 746056
Summary: | [ipa webui] Unable to add external user for RunAs User for Sudo rules | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Namita Soman <nsoman> | ||||
Component: | ipa | Assignee: | Rob Crittenden <rcritten> | ||||
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 6.1 | CC: | jgalipea, mkosek, syeghiay | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | ipa-2.1.3-1.el6 | Doc Type: | Bug Fix | ||||
Doc Text: |
Cause: IPA Web UI does not allow adding an external user (i.e. user that is not managed by IPA) as sudo command RunAs user
Consequence: external RunAs user can be added to the sudo command via CLI only
Fix: As Whom section dialog box specifying used for adding RunAs users has been fixed and a text field for adding an external user has been added
Result: sudo command RunAs user can now be added via both Web UI and CLI
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-12-06 18:42:57 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 748554 | ||||||
Attachments: |
|
Description
Namita Soman
2011-10-13 18:41:54 UTC
I don't understand why you are looking at the error_log. Is the command failing? If so can you attach the log? No...that is just an example sudo command...could be any other command. # ipa sudocmd-add "/bin/mkdir" ------------------------------- Added Sudo Command "/bin/mkdir" ------------------------------- Sudo Command: /bin/mkdir # ipa sudorule-add mkdir_root ---------------------------- Added Sudo Rule "mkdir_root" ---------------------------- Rule name: mkdir_root Enabled: TRUE # ipa sudorule-add-allow-command mkdir_root [member sudo command]: /bin/mkdir [member sudo command group]: Rule name: mkdir_root Enabled: TRUE Sudo Allow Commands: /bin/mkdir ------------------------- Number of members added 1 Note: User 'one' is an IPA user # ipa sudorule-add-runasuser mkdir_root --users=one Rule name: mkdir_root Enabled: TRUE Sudo Allow Commands: /bin/mkdir RunAs Users: one ------------------------- Number of members added 1 ------------------------- Note: User 'root' is an external user # ipa sudorule-add-runasuser mkdir_root --users=root Rule name: mkdir_root Enabled: TRUE Sudo Allow Commands: /bin/mkdir RunAs Users: one RunAs External User: root ------------------------- Number of members added 1 ------------------------- I can do all the above commands in UI, except the last. And after adding root as a RunAs External user, I cannot view this in UI. I see User one listed, but not User root in UI Upstream ticket: https://fedorahosted.org/freeipa/ticket/1987 Fixed upstream master: 1e5391422143c17a94008a0703099c5f877e46fd ipa-2-1: f3a5d4883666c7e04e23cb454e28ccc83c54f04a Created attachment 530331 [details]
As Whom in sudo Rule
Verified: Can add external user in the As Whom section of a sudo rule now from the web UI. See attached screen shot. version: ipa-server-2.1.3-3.el6.x86_64 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: IPA Web UI does not allow adding an external user (i.e. user that is not managed by IPA) as sudo command RunAs user Consequence: external RunAs user can be added to the sudo command via CLI only Fix: As Whom section dialog box specifying used for adding RunAs users has been fixed and a text field for adding an external user has been added Result: sudo command RunAs user can now be added via both Web UI and CLI Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |