authorJr Aquino <jr.aquino@citrix.com>2011-08-23 10:33:15 -0700
committerRob Crittenden <rcritten@redhat.com>2011-08-23 00:24:40 -0400
commiteb804d4cb37189c2127a10b446ef412930a032bd (patch)
tree915d8fd9e437d48b6d5d56ec179a65efa6837653 /ipalib/plugins
parent68a345712c040d30e57d31a7881619567f7d35c5 (diff)
Improve sudorule documentation
Added brief explanations for the various Sudo components in the top level doc. Added doc entries for RunAs User and RunAs Group. https://fedorahosted.org/freeipa/ticket/1657
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/sudorule.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 1785947..55affa6 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -22,6 +22,15 @@ give certain users (or groups of users) the ability to run some (or all)
commands as root or another user while providing an audit trail of the
commands and their arguments.
+FreeIPA provides a means to configure the various aspects of Sudo:
+ Users: The user(s)/group(s) allowed to envoke Sudo.
+ Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke Sudo.
+ Allow Command: The specific command(s) permited to be run via Sudo.
+ Deny Command: The specific command(s) prohibited to be run via Sudo.
+ RunAsUser: The user(s) or group(s) of users whose rights Sudo will be invoked with.
+ RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.
+ Options: The various Sudoers Options that can modify Sudo's behavior.
+
FreeIPA provides a designated binddn to use with Sudo located at:
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
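Review bot: The added component list has three wording errors in text that is presumably shown to administrators as the plugin help: "envoke", the doubled "to to", and "permited". I would change those lines to `Users: The user(s)/group(s) allowed to invoke Sudo.`, `Hosts: The host(s)/hostgroup(s) on which the user is allowed to invoke Sudo.` and `Allow Command: The specific command(s) permitted to be run via Sudo.`. Since these entries describe privilege rules, it would also help to say which entry takes effect when a command matches both Allow Command and Deny Command; the text as added leaves that open. The docstring starts and ends outside this hunk.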
@@ -158,10 +167,12 @@ class sudorule(LDAPObject):
),
Str('ipasudorunas_user?',
label=_('RunAs User'),
+ doc=_('Run as a user or any user within a specified group'),
flags=['no_create', 'no_update', 'no_search'],
),
Str('ipasudorunas_group?',
label=_('RunAs Group'),
+ doc=_('Run with the gid of a specified POSIX group '),
flags=['no_create', 'no_update', 'no_search'],
),
Str('externaluser?', validate_externaluser,
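Review bot: The new `doc` string for `ipasudorunas_group` ends with a trailing space inside the `_()` call, so the space becomes part of the translatable message and of whatever help output renders it. I would write it as `doc=_('Run with the gid of a specified POSIX group'),`. The neighbouring `ipasudorunas_user` doc string has no such trailing space, so this also makes the two consistent. The parameter tuple these entries belong to starts and ends outside the hunk.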