https://bugzilla.redhat.com/show_bug.cgi?id=769491
Description of problem: I am able to create the following sudo command via the web UI: /bin/chown -R apache\:developers /var/www/*/shared/log However, when attempting to add it to a command group it fails. My guess would be the colon is the cause (no dirty jokes intended :). This is a legal sudo command the colon just has to be escaped when specifying the command to the sudoers file. Web UI error: Some operations failed. Hide details /bin/chown -R apache:developers /var/www/*/shared/log: no such entry Version-Release number of selected component (if applicable): ipa-server-2.1.3-9.el6.x86_64 How reproducible: Create a command with a colon Attempt to add it to a group
\ is an escape character in IPA too and one currently has to escape the escape a bunch of times to work:
ipa sudocmdgroup-add-member colons --sudocmds='/bin/chown -R apache\\\\:developers /var/www/*/shared/log'
Whatever we come up with we need a more consistent way to handle escape characters so it works the same on single and multi-value attributes.
This looks like a good way to learn IPA's inner workings.
Moving to next month iteration.
master: dddebe2
ipa-2-2: 3738a61
Metadata Update from @dpal: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03
Login to comment on this ticket.