If you create a sudorule with a usergroup, hostgroup, and commandgroup.
sudorule-show rulename
Rule name: rulename Enabled: TRUE Host Groups: hostgroupname Sudo Command Groups: sudocmdgroup-name
Note the absence of the usergroup.
I have compared this to the output of ipa hbacrule-show and have confirmed that "Group: groupname" is present in the output.
Curiously, it appears that when I perform a --all hbacrule-show correctly shows "Group: groupname" where as sudorule-show --all shows "memberuser_group: groupname"
This appears to be an aesthetic issue with the output rather than a functional problem that effects the rule.
<ldapsearch confirms both hbacrules and sudorules to be identical in terms of the usergroup, hostgroup attributes>
Fixed in: 9c9a513
Metadata Update from @jraquino: - Issue assigned to jzeleny - Issue set to the milestone: FreeIPA 2.0.2 RC2 (bug fixing)
Login to comment on this ticket.