Bug 814 - Cmnd_Alias not managed in LDAP template
Status: NEW
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.21
Hardware: All All
Importance: low enhancement
Assigned To: Todd C. Miller
Depends on:
Blocks:
Reported: 2017-12-06 18:05 MST by Daniele Palumbo
Modified: 2017-12-20 16:47 MST
Description Daniele Palumbo 2017-12-06 18:05:00 MST
From the LDAP manual:
https://www.sudo.ws/man/1.8.21/sudoers.ldap.man.html
"""
Cmnd_Aliases are not really required either since it is possible to have multiple users listed in a sudoRole. Instead of defining a Cmnd_Alias that is referenced by multiple users, one can create a sudoRole that contains the commands and assign multiple users to it.
"""

Anyway, in a large environment, the usage of Cmnd_Alias may keep small changes over the LDAP tree.
If one Cmnd_Alias is used by several templates, this may impact with a huge LDIF modification.
It may also lead to some LDAP entry left behind with the original set of commands.

The desideratum is to have Sudo able to parse the Cmnd_Alias directive written into LDAP, as currently happens for the local sudoers file.
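
An added illustration of the drift the report describes, not code from the Sudo project or from the reporter: because sudoers.ldap has no Cmnd_Alias, every sudoRole carries its own copy of the commands, so a role missed during an update keeps the old set. The script below expands alias definitions kept outside LDAP, flags roles whose `sudoCommand` values no longer match, and emits the LDIF to correct them. The alias, role and user names, the base DN and the directory contents are constructed sample data.

```python
"""Expand sudoers-style Cmnd_Alias definitions into sudoRole entries and
find roles whose sudoCommand values no longer match the alias."""

BASE_DN = "ou=SUDOers,dc=example,dc=com"  # hypothetical container

# Constructed sample data: alias, role and user names are made up.
ALIASES = {
    "WEB_CTL": ["/usr/bin/systemctl restart nginx",
                "/usr/bin/systemctl reload nginx"],
}
ROLES = {  # role cn -> (sudoUser values, alias names it relies on)
    "web-ops": (["alice", "bob"], ["WEB_CTL"]),
    "web-oncall": (["%oncall"], ["WEB_CTL"]),
}
# What the directory currently holds (constructed): web-oncall was missed
# by an earlier update and still carries the original command set.
IN_LDAP = {
    "web-ops": ["/usr/bin/systemctl restart nginx",
                "/usr/bin/systemctl reload nginx"],
    "web-oncall": ["/usr/bin/systemctl restart nginx"],
}


def expand(alias_names, aliases=ALIASES):
    """Flatten alias references into a sorted, de-duplicated command list."""
    return sorted({cmd for name in alias_names for cmd in aliases[name]})


def stale_roles(roles=ROLES, in_ldap=IN_LDAP, aliases=ALIASES):
    """Return {cn: (missing, extra)} for roles that drifted from the alias."""
    drift = {}
    for cn, (_users, alias_names) in roles.items():
        want, have = set(expand(alias_names, aliases)), set(in_ldap.get(cn, []))
        if want != have:
            drift[cn] = (sorted(want - have), sorted(have - want))
    return drift


def modify_ldif(cn, alias_names, aliases=ALIASES):
    """Build the LDIF change that rewrites one role's sudoCommand values."""
    lines = [f"dn: cn={cn},{BASE_DN}", "changetype: modify",
             "replace: sudoCommand"]
    lines += [f"sudoCommand: {cmd}" for cmd in expand(alias_names, aliases)]
    return "\n".join(lines + ["-"]) + "\n"


if __name__ == "__main__":
    for cn in stale_roles():
        print(modify_ldif(cn, ROLES[cn][1]))
```

Run against the sample data, it reports only `web-oncall` as stale and prints one `changetype: modify` record for it.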