Sudo Commands
Manage individual sudo commands for use in sudo rules. Commands represent specific executables with full paths that can be permitted or denied via sudo policies. Features include command creation with descriptions, command grouping, and integration with sudo rules for fine-grained privilege escalation control.
Commands used as building blocks for sudo
EXAMPLES
Create a new command
ipa sudocmd-add --desc='For reading log files' /usr/bin/less
Remove a command
ipa sudocmd-del /usr/bin/less
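An added example, not part of the FreeIPA documentation: an idempotent wrapper around sudocmd-show and sudocmd-add that registers only plain absolute paths, so a provisioning run can be repeated safely. The helper names (check_sudocmd_path, ensure_sudocmd) and the path policy are assumptions of this example; exit status 2 for a missing entry is the value given in the ipa man page.

```shell
#!/bin/sh
# Added example: register sudo commands idempotently, with a local path policy.
# check_sudocmd_path and ensure_sudocmd are hypothetical helper names.

# Accept only a plain absolute path. This is a policy chosen for the example;
# it is applied locally before the ipa client is called.
check_sudocmd_path() {
    case "$1" in
        /*) ;;                                   # absolute path: keep checking
        *)  echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    case "$1" in
        */../*|*/..|*/./*|*/.)                   # no relative components
            echo "relative component in: $1" >&2; return 1 ;;
        *'*'*|*'?'*|*'['*)                       # no glob characters
            echo "wildcard in: $1" >&2; return 1 ;;
    esac
    return 0
}

# ensure_sudocmd PATH DESCRIPTION
# Creates the Sudo Command only when it does not exist yet.
# Returns 0 if the entry exists afterwards, 1 on rejection or error.
ensure_sudocmd() {
    path=$1
    desc=$2
    check_sudocmd_path "$path" || return 1

    rc=0
    ipa sudocmd-show "$path" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)  echo "exists: $path" ;;
        2)  # ipa exit status 2: entry not found, so create it
            ipa sudocmd-add --desc="$desc" "$path" >/dev/null || return 1
            echo "added: $path" ;;
        *)  # any other status (no ticket, server unreachable, ...): do not add
            echo "lookup failed (rc=$rc): $path" >&2
            return 1 ;;
    esac
}

# Usage: ensure_sudocmd /usr/bin/less 'For reading log files'
```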
Commands
Command Description
sudocmd-add Create new Sudo Command.
sudocmd-del Delete Sudo Command.
sudocmd-find Search for Sudo Commands.
sudocmd-mod Modify Sudo Command.
sudocmd-show Display Sudo Command.
sudocmd-add
Usage: ipa [global-options] sudocmd-add COMMAND [options]
Create new Sudo Command.
Arguments
Argument Required Description
COMMAND yes Sudo Command
Options
Option Description
--desc DESC A description of this command
--setattr SETATTR Set an attribute to a name/value pair. Format is attr=value.
--addattr ADDATTR Add an attribute/value pair. Format is attr=value. The attribute
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--no-members Suppress processing of membership attributes.
sudocmd-del
Usage: ipa [global-options] sudocmd-del COMMAND [options]
Delete Sudo Command.
Arguments
Argument Required Description
COMMAND yes Sudo Command
Options
Option Description
--continue Continuous mode: Don’t stop on errors.
sudocmd-find
Usage: ipa [global-options] sudocmd-find [CRITERIA] [options]
Search for Sudo Commands.
Arguments
Argument Required Description
CRITERIA no A string searched in all relevant object attributes
Options
Option Description
--command COMMAND Sudo Command
--desc DESC A description of this command
--timelimit TIMELIMIT Time limit of search in seconds (0 is unlimited)
--sizelimit SIZELIMIT Maximum number of entries returned (0 is unlimited)
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--pkey-only Results should contain primary key attribute only (“command”)
sudocmd-mod
Usage: ipa [global-options] sudocmd-mod COMMAND [options]
Modify Sudo Command.
Arguments
Argument Required Description
COMMAND yes Sudo Command
Options
Option Description
--desc DESC A description of this command
--setattr SETATTR Set an attribute to a name/value pair. Format is attr=value.
--addattr ADDATTR Add an attribute/value pair. Format is attr=value. The attribute
--delattr DELATTR Delete an attribute/value pair. The option will be evaluated
--rights Display the access rights of this entry (requires --all). See ipa man page for details.
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--no-members Suppress processing of membership attributes.
sudocmd-show
Usage: ipa [global-options] sudocmd-show COMMAND [options]
Display Sudo Command.
Arguments
Argument Required Description
COMMAND yes Sudo Command
Options
Option Description
--rights Display the access rights of this entry (requires --all). See ipa man page for details.
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.