i have a user admin who need to run some commands as other users with sudo privileges
example:
sudo -u dev_dummy chown /tmp/dump_file
for that i created :
- hbac rule : to grant access to sudo service
Description: Generated_rule_dummy_sudo
Enabled: TRUE
Users: admin
Hosts: enode2.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.com
Services: sudo
and
- sudo rule : to grant admin user to run all commands
Rule name: [admin]_RunAs
Description: Allows user admin to run any commands as dev_* users sudo -u dev_* <commands>
Enabled: TRUE
Command category: all
Users: admin
Hosts: enode2.26f5de01-5e40-4d8a-98bd-a4353b7bf5e3.com
Groups of RunAs Users: g_airflow_dev
Sudo Option: !authenticate
This configuration works well, i just want to restrict user (admin) access to run sudo -u instead of all commands
