From 5c61babf958932c82e4b790b60d8e4cc151fbc71 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Thu, 21 Jan 2021 13:08:57 +0100
Subject: [PATCH] ipa/client: Let everybody run the sudo command

Signed-off-by: Nils Philippsen <nils@redhat.com>
---
 roles/ipa/client/tasks/hbac.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/roles/ipa/client/tasks/hbac.yml b/roles/ipa/client/tasks/hbac.yml
index 9fc417aab0..c6c2e222d4 100644
--- a/roles/ipa/client/tasks/hbac.yml
+++ b/roles/ipa/client/tasks/hbac.yml
@@ -33,6 +33,19 @@
   tags:
     - config
 
+- name: "Let everybody run sudo"
+  ipahbacrule:
+    name: "sudo/all"
+    description: "Allow all users to execute the sudo command"
+    state: present
+    ipaadmin_password: "{{ ipa_admin_password }}"
+    hostcategory: "all"
+    usercategory: "all"
+    hbacsvcgroup:
+      - Sudo
+  tags:
+    - config
+
 ## Host-specific rules
 
 # shell access