sudoers Match AD group

Using AD groups in sudoers

When you need to add an Active Directory group to the sudoers, you need to know a few things.
I learned from the sudoers man page that alias names can only be in capital letters, numbers, and underscores.
Also, when you use an AD group in a sudoers file (in my case, /etc/sudoers.d/70_web-dev_grp), you prepend the group name with a percent sign.

Also, I’m pretty sure you need to have the casing of the group name exactly correct, but I haven’t tested other casings and don’t plan to. If you know anything about this, comment and let me know!

User_Alias WEBDEVGRP = %Web-dev_grp
WEBDEVGRP ALL=(ALL) /sbin/apachectl

Reference

http://serverfault.com/questions/436037/sudoers-file-allow-sudo-on-specific-file-for-active-directory-group/444875#444875

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s