Discussion:
[Freeipa-users] Sudo Rule flag limitations
Sean Hogan
2017-03-27 20:52:18 UTC
Hello,

I was wondering how possible it would be to allow sudo commands with
certain flags but not the actual command

Case in point:

If a user requests sudo fdisk -l to view partitions can this be set
without giving access to sudo fdisk /dev/sda ?

Would the sudo rule have to deny fdisk /dev/sda but allow fdisk -l? Not
really sure how that would work.



ipa-client-3.0.0-50.el6.1.x86_64
ipa-server-selinux-3.0.0-50.el6.1.x86_64
ipa-server-3.0.0-50.el6.1.x86_64
sssd-ipa-1.13.3-22.el6_8.4.x86_64
python-libipa_hbac-1.13.3-22.el6_8.4.x86_64
ipa-admintools-3.0.0-50.el6.1.x86_64
python-iniparse-0.3.1-2.1.el6.noarch









Thank you



Sean Hogan
Sean Hogan
2017-03-27 21:50:50 UTC
Disregard .. I figured it out

just added /usr/bin fdisk -l to command list
run as user root and applied the command to sudo rule

Running as expected where sudo fdisk /dev/sda fails but sudo fdisk -l works





Sean Hogan
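
How sudo evaluates a command entry like the one described above, shown as an added example that is not part of the original post or of FreeIPA: a simplified Python model of sudoers argument matching. The path `/sbin/fdisk`, the function names and the sample requests are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase


def sudo_cmd_matches(spec, path, args):
    """Simplified model of how sudo compares one sudoers command spec
    (the string stored as a FreeIPA sudo command) with a request.

    spec -- e.g. "/sbin/fdisk -l"
    path -- fully resolved path of the requested binary
    args -- list of arguments the user typed after the command
    """
    spec_path, _, spec_args = spec.partition(" ")
    # Path wildcards are left out of this model: exact path match only.
    if path != spec_path:
        return False
    spec_args = spec_args.strip()
    if not spec_args:
        return True              # bare path: any arguments are accepted
    joined = " ".join(args)
    if spec_args == '""':
        return joined == ""      # "" means: only with no arguments at all
    # Arguments are compared as one joined string, so '*' spans spaces.
    return fnmatchcase(joined, spec_args)


FDISK = "/sbin/fdisk"            # assumed install path, not from the post
# Constructed requests: -l, /dev/sda, -l /dev/sda, no arguments
REQUESTS = [["-l"], ["/dev/sda"], ["-l", "/dev/sda"], []]


def evaluate(spec):
    """Return allow/deny for each constructed request under one spec."""
    return [sudo_cmd_matches(spec, FDISK, a) for a in REQUESTS]


if __name__ == "__main__":
    for spec in ("/sbin/fdisk -l",    # exact arguments, as in the post
                 "/sbin/fdisk",       # no arguments listed
                 "/sbin/fdisk -l*",   # wildcard in the arguments
                 '/sbin/fdisk ""'):   # explicitly no arguments
        print("%-18s %s" % (spec, evaluate(spec)))
```

With the exact-argument entry only `fdisk -l` is allowed, while the wildcard form also admits `fdisk -l /dev/sda`, so the exact form is the tighter rule.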




