On Tue, Dec 02, 2014 at 01:28:53PM -0800, Octavian Afilipoai wrote:
I have root ssh logins disabled by default, and I was using this
(root user in an ldap group with ssh access) as a quick
way of enabling root to login via ssh on a temporary basis.
Isn't it better to enable sudo from the ldap group, then?
On Tue, Dec 2, 2014 at 1:17 PM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
> On Tue, Dec 02, 2014 at 01:11:55PM -0800, Octavian Afilipoai wrote:
> > The workaround does not seem to work for the root user. I added the root
> > user to the sysadm group and put the following line in the [nss] section
> of
> > sssd.conf:
>
> That's very much expected, SSSD doesn't handle the root user by design.
>
> btw root bypasses all restrictions in Linux, why do you need root to be
> a member of a group?
>