Expert

sudoers + domain group

I wonder why I can't use sudoers with domain groups.

I modified /etc/sudoers so a specific group has the ability to use sudo, but no luck.

Has anyone tested this yet?

Accepted Solutions
Community Manager

Yes, this works. I've not done it myself, but I just had a conversation with someone about this topic yesterday.

Let's say the domain group is called "VI Admins". I choose this example as it has a space, which needs to be properly escaped in the /etc/sudoers file. You will also need to escape the first "slash" followed by the domain name as well.

Let's say the domain is "Primp-Industries" and the group is called "VI Admins"

The entry in sudoers file should be:

%Primp-Industries\\VI\ Admins ALL=(ALL) ALL

I had verified with the individual who I spoke to and he confirmed this worked in his environment.

=========================================================================

William Lam

VMware vExpert 2009,2010

Twitter: @lamw

Expert

You're right. It works perfectly. I made an error with the domain: I forgot the extra slash.

Expert

LOL I was the individual :)


Maish - VCP - vExpert 2010

VMware Communities User Moderator

Virtualization Architect & Systems Administrator

Maish Saidel-Keesing • @maishsk • http://technodrone.blogspot.com • VMTN Moderator • vExpert • Co-author of VMware vSphere Design
Enthusiast

I've tried what you have said but am still struggling. I've added the following to the Sudoers files on a VMA that has been joined to the domain I'll call TEST. I've created an AD global group called VI Admins and added the account I'm logging in with to that group.

%TEST
VI\ Admins ALL=(ALL) ALL

I've saved the file and even after restarting the VMA I get a message that the account is not in the sudoers file.

Any help or guidance is greatly appreciated.

Sean http://www.seancrookston.com http://www.twitter.com/seancrookston
Enthusiast

I'm going to take that back. After some further troubleshooting I seemed to have some domain authentication issues. I removed and rejoined the vMA to the domain and all was well.

Sean http://www.seancrookston.com http://www.twitter.com/seancrookston
Hot Shot

Suppose there is no space in the group name?

So, in the example, it is just VI:

%Primp-Industries
VI ALL=(ALL) ALL

That didn't work.

%Primp-Industries\VI ALL=(ALL) ALL

That didn't work.

%Primp-Industries\VI\ ALL=(ALL) ALL

That didn't work, gave me a syntax error.
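
The escaping rule from the accepted answer, as an added example that is not part of the original thread: a shell helper that builds the sudoers entry for a domain and group name (generalized to group names with or without spaces) and syntax-checks it with visudo before it is installed. The function names and the allowed-character set are assumptions; whether sudo then matches the group still depends on how the domain join presents group names on the host.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print a sudoers rule for DOMAIN\GROUP using the accepted answer's escaping:
# "\\" between domain and group, and "\ " for each space in the group name.
sudoers_group_rule() {
    domain=$1
    group=$2
    [ -n "$domain" ] && [ -n "$group" ] || { echo "usage: DOMAIN GROUP" >&2; return 1; }
    # Assumption: accept only letters, digits, '.', '_', '-' and space, so a
    # name cannot smuggle extra sudoers syntax (',', '=', '!', '#', newline).
    # The '#' sentinel keeps a stray newline from being lost by $( ).
    rest=$(printf '%s#' "$domain$group" | tr -d 'A-Za-z0-9._ -')
    [ "$rest" = "#" ] || { echo "unsupported character in name" >&2; return 1; }
    case $domain in *' '*) echo "space in domain name" >&2; return 1 ;; esac
    escaped=$(printf '%s' "$group" | sed 's/ /\\ /g')
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$domain" "$escaped"
}

# Syntax-check a rule with visudo before it goes anywhere near /etc/sudoers.
# Returns 0 only if visudo accepts the line as a complete sudoers file.
check_rule() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    visudo -c -f "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample input: the two group names discussed in the thread.
sudoers_group_rule "Primp-Industries" "VI Admins"
sudoers_group_rule "Primp-Industries" "VI"
```

Comparing the generated name against the output of `id` for the logged-in domain account shows whether the host presents the group under the same domain and group spelling.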
