Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

--- content:serverbasics:docker-freeipa [2025/12/07 17:48] – [Backup and Restore] obel1x
+++ content:serverbasics:docker-freeipa [2026/03/06 16:39] (aktuell) – [Setup Sudoers with FreeIPA/SSSD] obel1x
@@ Zeile 690: / Zeile 690: @@
 This is quite a cool feature to have client admin- users managed by putting them in an IPA- group. When Loggin in with SSSD they will get added to the sudoers, making them admin on the given machines. Check this out: [[https://www.howtoforge.de/anleitung/wie-integriere-ich-sudoers-in-den-freeipa-server/|https://www.howtoforge.de/anleitung/wie-integriere-ich-sudoers-in-den-freeipa-server/]]
+==== Additional Groups ====
+You can also add System- Groups in IPA, that the client may have. E.g. a very nice group to have, would be a group named "wheel". That group enables all users in it to install Software without beeing asked for a password.
+You can add the clientadmins- group to the wheel- group so all users of the clientadmins group will be in wheel to (check in IPA with the "indirect members" view, if wheel has all users, which clientsadmins has as "direct members" to make it work !).
 ===== Next Steps =====
@@ Zeile 710: / Zeile 717: @@
 # chgrp named /data/etc/named.conf
 # chown named:named /etc/named.keytab
-# chown root:named /etc/named/*
+# chown root:named -R -h -L /data/etc/named
 # chown named:named -R -h -L /data/var/named
@@ Zeile 719: / Zeile 726: @@
 # chown root:pkiuser /data/var/lib/ipa/pki-ca/publish -h -L
 # chown pkiuser:pkiuser /data/var/lib/ipa/pki-ca/publish/* -h -L
+# chown pkiuser:pkiuser /data/etc/sysconfig/pki-tomcat -h -L -R
+# chown pkiuser:pkiuser /data/etc/sysconfig/pki/tomcat/pki-tomcat -h -L -R
+# chown pkiuser:pkiuser /data/etc/pki/pki-tomcat -h -L -R
+# chown pkiuser:pkiuser /data/etc/pki/pki-tomcat -h -L -R
+# chown pkiuser:pkiuser /data/var/lib/pki/pki-tomcat -h -L -R
+# chown pkiuser:pkiuser /data/var/log/pki/pki-tomcat -h -L -R
+# chown root:named -h -L /etc/rndc.key
 # chown root:ipaapi /data/var/lib/ipa/ra-agent.* -h -L