Hello.
1. Created user in freeipa
By this user I trying to launch command on freeipa host:
/usr/sbin/dmidecode -t bios -t baseboard -t system -t processor -t memory > file.txt
answer: Permission denied.
How to give permissions in freeipa server to do it? Or how to give 777 mod to files from freeipa for some users?
Running dmidecode requires root privileges, which can be gained with sudo:
Unit 8: Sudo rule management — FreeIPA 4.11-dev documentation
So, how to give root priviileges, and ability run commands without “sudo” word from FreeIpa?
If I give mode o+r to some files I can use this command without sudo.
How to give rights for some files from freeipa?
You can make sudo to not require password for a specific user/group:
sudo - FreeIPA sudoers rule - how to add NOPASSWD for ALL commands (no prompt for password) - Server Fault
As an option, you can use sudo -i to not prefix each command with sudo.
I recommend to refrain from spoiling file system permissions as much as possible.
Otherwise may result in various security and integrity related issues.
Is there option to do rule like line in sudoers file?
username ALL=NOPASSWD: ALL
so user may not write the “sudo” word.
Not really, unless you elevate shell at login:
tee -a ~/.bashrc << EOF > /dev/null
sudo -s
EOF