21 Sep
2013
21 Sep
'13
11:46 a.m.
On 20/09/13 08:36, Pavel Březina wrote:
Hi, no, it is not desirable. SSSD periodically downloads all rules that are applicable to the machine, and then filters them by user when sudo request is performed. In other words: filtering by sudoUser is there, only on other place (sssd_sudo process).
Hi, from reading the above, I assume that the sudo rules are cached with everything else in /var/lib/sss/db/cache_example.com.ldb. But the only referral to sudo in the db is:
dn: cn=sudorules,cn=custom,cn=example.com,cn=sysdb cn: sudorules sudoLastFullRefreshTime: 1379759042 distinguishedName: cn=sudorules,cn=custom,cn=example.com,cn=sysdb
I take it this is the base where the sudo rules should be stored, but there are none.
Rowland