sudo run as user or group https://fedorahosted.org/freeipa/ticket/570

2025-02-25 18:55:28 -06:00 · 2010-12-13 07:38:09 -08:00
parent 13139f2fd6
commit b23b3911d2
1 changed files with 62 additions and 0 deletions
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -46,6 +46,8 @@ class sudorule(LDAPObject):
        'memberhost': ['host', 'hostgroup'],
        'memberallowcmd': ['sudocmd', 'sudocmdgroup'],
        'memberdenycmd': ['sudocmd', 'sudocmdgroup'],
+        'ipasudorunas': ['user'],
+        'ipasudorunasgroup': ['group'],
    }

    label = _('SUDO')
@@ -81,6 +83,18 @@ class sudorule(LDAPObject):
            label=_('Command category'),
            doc=_('Command category the rule applies to'),
            values=(u'all', ),
+        ),
+        StrEnum('ipasudorunasusercategory?',
+            cli_name='runasusercat',
+            label=_('Run As User category'),
+            doc=_('Run As User category the rule applies to'),
+            values=(u'all', ),
+        ),
+        StrEnum('ipasudorunasgroupcategory?',
+            cli_name='runasgroupcat',
+            label=_('Run As Group category'),
+            doc=_('Run As Group category the rule applies to'),
+            values=(u'all', ),
        ),
            Str('memberuser_user?',
            label=_('Users'),
@@ -110,6 +124,14 @@ class sudorule(LDAPObject):
            label=_('Sudo Command Groups'),
            flags=['no_create', 'no_update', 'no_search'],
        ),
+            Str('ipasudorunas_user?',
+            label=_('Run As User'),
+            flags=['no_create', 'no_update', 'no_search'],
+        ),
+            Str('ipasudorunasgroup_group?',
+            label=_('Run As Group'),
+            flags=['no_create', 'no_update', 'no_search'],
+        ),

    )

@@ -292,3 +314,43 @@ class sudorule_remove_host(LDAPRemoveMember):
    member_count_out = ('%i object removed.', '%i objects removed.')

 api.register(sudorule_remove_host)
+
+
+class sudorule_add_runasuser(LDAPAddMember):
+    """
+    Add user for Sudo to execute as.
+    """
+    member_attributes = ['ipasudorunas']
+    member_count_out = ('%i object added.', '%i objects added.')
+
+api.register(sudorule_add_runasuser)
+
+
+class sudorule_remove_runasuser(LDAPRemoveMember):
+    """
+    Remove user for Sudo to execute as.
+    """
+    member_attributes = ['ipasudorunas']
+    member_count_out = ('%i object removed.', '%i objects removed.')
+
+api.register(sudorule_remove_runasuser)
+
+
+class sudorule_add_runasgroup(LDAPAddMember):
+    """
+    Add group for Sudo to execute as.
+    """
+    member_attributes = ['ipasudorunasgroup']
+    member_count_out = ('%i object added.', '%i objects added.')
+
+api.register(sudorule_add_runasgroup)
+
+
+class sudorule_remove_runasgroup(LDAPRemoveMember):
+    """
+    Remove group for Sudo to execute as.
+    """
+    member_attributes = ['ipasudorunasgroup']
+    member_count_out = ('%i object removed.', '%i objects removed.')
+
+api.register(sudorule_remove_runasgroup)