Delegating Active Directory accounts with sudo
Being able to manage Active Directory group membership is fundamental to our management of Linux. We can assign the ownership of files and directories to these groups and, more importantly, delegate rights on the system using the /etc/sudoers file.
Let's see how this delegation works. We will create a new group in the Active Directory and add an administrator to this group. As a simple setup, we are limited to users that we have created, as shown in the following commands:
$ adcli create-group --domain=example.com \
    --domain-ou="OU=Linux,DC=example,dc=com" "Linux Admins"
$ adcli add-member --domain=example.com "Linux Admins" Administrator
We now have two groups that we may want to use for delegation: Linux Users and Linux Admins. To delegate with the sudoers system, we run the visudo command as a root user or with sudo. This file can be used for delegation, which allows selected commands to be run as root by selected users. These commands...
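The following sketch is an added example, not taken from the original text: it renders a sudoers drop-in for the two groups and syntax-checks it with visudo before anything is installed. It assumes the AD groups resolve locally under their short names (confirm with getent group "Linux Admins"); the function names, the SVC_RESTART alias and the restart command are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: stage and validate a sudoers drop-in for two AD groups.
# Assumption: the groups resolve locally as "Linux Admins" / "Linux Users".

# sudoers treats a space as a token separator, so spaces in a group
# name must be backslash-escaped; the leading % marks a group.
sudoers_group() {
    printf '%%%s' "$(printf '%s' "$1" | sed 's/ /\\ /g')"
}

# Print the drop-in. Admins get full rights; users get one narrow,
# fully specified command (placeholder) rather than a wildcard.
render_dropin() {
    printf 'Cmnd_Alias SVC_RESTART = /usr/bin/systemctl restart sshd\n'
    printf '%s ALL=(ALL) ALL\n' "$(sudoers_group 'Linux Admins')"
    printf '%s ALL=(root) SVC_RESTART\n' "$(sudoers_group 'Linux Users')"
}

# Syntax-check the candidate in a temp file, never the live file.
# Returns 0 if valid, 1 if rejected, 2 if visudo is not installed.
check_dropin() {
    tmp=$(mktemp) || return 1
    render_dropin > "$tmp"
    if ! command -v visudo >/dev/null 2>&1; then
        rm -f "$tmp"
        return 2
    fi
    if visudo -c -q -f "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Typical use, as root (drop-ins should be mode 0440):
#   check_dropin && render_dropin > /etc/sudoers.d/ad-delegation \
#       && chmod 0440 /etc/sudoers.d/ad-delegation
```

Validating a staged copy first matters because a syntax error in an installed sudoers file can lock every delegated user out of sudo.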