VMware Cloud Community
RobMokkink
Expert

sudoers + domain group

I wonder why I can't use sudoers with domain groups.

I modified /etc/sudoers so that a specific group has the ability to use sudo, but no luck.

Has anyone tested this yet?

lamw
Community Manager

Yes this works, I've not done it myself but I just had a conversation with someone about this topic yesterday.

Let's say the domain group is called "VI Admins"; I chose this example as it has a space which needs to be properly escaped in the /etc/sudoers file. You will also need to escape the first "slash" followed by the domain name as well.

Let's say the domain is "Primp-Industries" and the group is called "VI Admins"

The entry in sudoers file should be:

%Primp-Industries\\VI\ Admins ALL=(ALL) ALL

I had verified with the individual who I spoke to and he confirmed this worked in his environment.

=========================================================================

William Lam

VMware vExpert 2009,2010

VMware scripts and resources at:

Twitter: @lamw

Getting Started with the vMA (tips/tricks)

Getting Started with the vSphere SDK for Perl

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Community

If you find this information useful, please award points for "correct" or "helpful".
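
An added example (not part of the original post, and not VMware's code) that applies the escaping described in the answer above and syntax-checks the result before it goes anywhere near /etc/sudoers. The function names are hypothetical; it assumes the group is passed as `DOMAIN\group` exactly as the system's name service presents it, and it calls `getent` and `visudo -c -f` only if they are installed.

```shell
#!/bin/sh
# Added example: build and check a sudoers rule for a domain group.

# Escape a name so sudoers reads it as one word. sudoers(5) requires a
# backslash before  \ ! = : , ( )  and an unquoted space must be escaped too.
sudoers_escape() {
    printf '%s' "$1" | sed -e 's/[\\!=:,() ]/\\&/g'
}

# Produce the rule line for a domain group, in the form used in the answer.
sudoers_group_rule() {
    printf '%%%s ALL=(ALL) ALL\n' "$(sudoers_escape "$1")"
}

# Write the rule to a temporary file and check it without installing it.
# Returns non-zero only if visudo rejects the syntax.
check_group_rule() {
    group=$1
    tmp=$(mktemp) || return 1
    sudoers_group_rule "$group" > "$tmp"

    # If the group does not resolve, the problem is the domain join or
    # name service, not the sudoers syntax.
    if command -v getent >/dev/null 2>&1; then
        getent group "$group" >/dev/null 2>&1 ||
            echo "warning: group '$group' does not resolve" >&2
    fi

    rc=0
    if command -v visudo >/dev/null 2>&1; then
        # -c: check only, -f: check this file instead of /etc/sudoers
        visudo -c -f "$tmp" >/dev/null 2>&1 || rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (constructed sample name taken from the answer above):
#   sudoers_group_rule 'Primp-Industries\VI Admins'
#   check_group_rule   'Primp-Industries\VI Admins'
```

A rule that passes the syntax check but still yields "not in the sudoers file" usually means the group lookup is failing, which is what the `getent` warning is there to surface.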

RobMokkink
Expert

You're right. It works perfectly. I made an error with the domain: I forgot the extra slash.

maishsk
Expert

LOL, I was the individual :)


Maish - VCP - vExpert 2010

VMware Communities User Moderator

Virtualization Architect & Systems Administrator

Twitter

Maish Saidel-Keesing • @maishsk • http://technodrone.blogspot.com • VMTN Moderator • vExpert • Co-author of VMware vSphere Design
scrookston
Enthusiast

I've tried what you have said but am still struggling. I've added the following to the Sudoers files on a VMA that has been joined to the domain I'll call TEST. I've created an AD global group called VI Admins and added the account I'm logging in with to that group.

%TEST
VI\ Admins ALL=(ALL) ALL

I've saved the file, and even after restarting the vMA I get a message that the account is not in the sudoers file.

Any help or guidance is greatly appreciated.

Sean http://www.seancrookston.com http://www.twitter.com/seancrookston
scrookston
Enthusiast

I'm going to take that back. After some further troubleshooting I seemed to have some domain authentication issues. I removed and rejoined the vMA to the domain and all was well.

Sean http://www.seancrookston.com http://www.twitter.com/seancrookston
Wimo
Hot Shot

Suppose there is no space in the group name?

So, in the example, it is just VI:

%Primp-Industries
VI ALL=(ALL) ALL

That didn't work.

%Primp-Industries\VI ALL=(ALL) ALL

That didn't work.

%Primp-Industries\VI\ ALL=(ALL) ALL

That didn't work, gave me a syntax error.
