Sudo Command Groups
Manage groups of sudo commands for simplified sudo policy management. Command groups enable collective assignment of multiple commands to sudo rules, reducing administrative overhead. Features include command addition and removal, nested command group membership, and centralized management of related command access policies.
Manage groups of Sudo Commands.
EXAMPLES
Add a new Sudo Command Group:
ipa sudocmdgroup-add --desc='administrators commands' admincmds
Remove a Sudo Command Group:
ipa sudocmdgroup-del admincmds
Manage Sudo Command Group membership, commands:
ipa sudocmdgroup-add-member --sudocmds=/usr/bin/less --sudocmds=/usr/bin/vim admincmds
Manage Sudo Command Group membership, commands:
ipa sudocmdgroup-remove-member --sudocmds=/usr/bin/less admincmds
Show a Sudo Command Group:
ipa sudocmdgroup-show admincmds
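The following is an added example, not part of the FreeIPA documentation: it compares the members reported by `ipa sudocmdgroup-show` with an approved list and prints the `sudocmdgroup-remove-member` / `sudocmdgroup-add-member` commands needed to remove unapproved entries and restore missing ones. The function names, the approved list and the sample output are constructed, and the parser assumes members are printed on one `Member Sudo commands:` line separated by `, `.

```shell
#!/bin/sh
# Added example: detect drift between a sudo command group and an approved list.

# Read `ipa sudocmdgroup-show GROUP` output on stdin, print one member per line.
# Assumption: members appear on a single "Member Sudo commands:" line separated
# by ", " (as in the constructed sample below); paths containing ", " are not
# handled.
parse_members() {
    awk '/^ *Member Sudo commands:/ {
        sub(/^ *Member Sudo commands: */, "")
        n = split($0, m, ", ")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' | sort -u
}

# plan_changes GROUP APPROVED_CMD...   (show output on stdin)
# Prints, without running them, the commands that restore the approved set.
plan_changes() {
    group=$1; shift
    current=$(parse_members)
    # Members present on the server but not approved: candidates for removal.
    printf '%s\n' "$current" | while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        for ok in "$@"; do
            if [ "$ok" = "$cmd" ]; then continue 2; fi
        done
        printf "ipa sudocmdgroup-remove-member --sudocmds='%s' %s\n" "$cmd" "$group"
    done
    # Approved commands missing from the group.
    for cmd in "$@"; do
        printf '%s\n' "$current" | grep -Fxq -- "$cmd" ||
            printf "ipa sudocmdgroup-add-member --sudocmds='%s' %s\n" "$cmd" "$group"
    done
}

# Constructed sample output (not captured from a real server).
sample_show_output() {
    cat <<'EOF'
  Sudo Command Group: admincmds
  Description: administrators commands
  Member Sudo commands: /usr/bin/less, /usr/bin/vim
EOF
}

# Hypothetical approved list: /usr/bin/less and /usr/bin/journalctl.
sample_show_output | plan_changes admincmds /usr/bin/less /usr/bin/journalctl
```

Against a live server, pipe `ipa sudocmdgroup-show admincmds` into `plan_changes` instead of the sample, and review the printed commands before running them.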
Commands
Command Description
sudocmdgroup-add Create new Sudo Command Group.
sudocmdgroup-add-member Add members to Sudo Command Group.
sudocmdgroup-del Delete Sudo Command Group.
sudocmdgroup-find Search for Sudo Command Groups.
sudocmdgroup-mod Modify Sudo Command Group.
sudocmdgroup-remove-member Remove members from Sudo Command Group.
sudocmdgroup-show Display Sudo Command Group.
sudocmdgroup-add
Usage:
ipa [global-options] sudocmdgroup-add SUDOCMDGROUP-NAME [options]
Create new Sudo Command Group.
Arguments
Argument Required Description
SUDOCMDGROUP-NAME yes Sudo Command Group
Options
Option Description
--desc DESC Group description
--setattr SETATTR Set an attribute to a name/value pair. Format is attr=value.
--addattr ADDATTR Add an attribute/value pair. Format is attr=value. The attribute
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--no-members Suppress processing of membership attributes.
sudocmdgroup-add-member
Usage:
ipa [global-options] sudocmdgroup-add-member SUDOCMDGROUP-NAME [options]
Add members to Sudo Command Group.
Arguments
Argument Required Description
SUDOCMDGROUP-NAME yes Sudo Command Group
Options
Option Description
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--no-members Suppress processing of membership attributes.
--sudocmds SUDOCMDS sudo commands to add
sudocmdgroup-del
Usage:
ipa [global-options] sudocmdgroup-del SUDOCMDGROUP-NAME [options]
Delete Sudo Command Group.
Arguments
Argument Required Description
SUDOCMDGROUP-NAME yes Sudo Command Group
Options
Option Description
--continue Continuous mode: Don’t stop on errors.
sudocmdgroup-find
Usage:
ipa [global-options] sudocmdgroup-find [CRITERIA] [options]
Search for Sudo Command Groups.
Arguments
Argument Required Description
CRITERIA no A string searched in all relevant object attributes
Options
Option Description
--sudocmdgroup-name SUDOCMDGROUP-NAME Sudo Command Group
--desc DESC Group description
--timelimit TIMELIMIT Time limit of search in seconds (0 is unlimited)
--sizelimit SIZELIMIT Maximum number of entries returned (0 is unlimited)
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--pkey-only Results should contain primary key attribute only (“sudocmdgroup-name”)
sudocmdgroup-mod
Usage:
ipa [global-options] sudocmdgroup-mod SUDOCMDGROUP-NAME [options]
Modify Sudo Command Group.
Arguments
Argument Required Description
SUDOCMDGROUP-NAME yes Sudo Command Group
Options
Option Description
--desc DESC Group description
--setattr SETATTR Set an attribute to a name/value pair. Format is attr=value.
--addattr ADDATTR Add an attribute/value pair. Format is attr=value. The attribute
--delattr DELATTR Delete an attribute/value pair. The option will be evaluated
--rights Display the access rights of this entry (requires --all). See ipa man page for details.
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--no-members Suppress processing of membership attributes.
sudocmdgroup-remove-member
Usage:
ipa [global-options] sudocmdgroup-remove-member SUDOCMDGROUP-NAME [options]
Remove members from Sudo Command Group.
Arguments
Argument Required Description
SUDOCMDGROUP-NAME yes Sudo Command Group
Options
Option Description
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.
--no-members Suppress processing of membership attributes.
--sudocmds SUDOCMDS sudo commands to remove
sudocmdgroup-show
Usage:
ipa [global-options] sudocmdgroup-show SUDOCMDGROUP-NAME [options]
Display Sudo Command Group.
Arguments
Argument Required Description
SUDOCMDGROUP-NAME yes Sudo Command Group
Options
Option Description
--rights Display the access rights of this entry (requires --all). See ipa man page for details.
--all Retrieve and print all attributes from the server. Affects command output.
--raw Print entries as stored on the server. Only affects output format.