Feature: enviroment variables $HOSTNAME usable in GPOs

[simonwolfBHS]

Is there an existing request for this feature?

• I have searched the existing issues and found none that matched mine

Describe the feature

Our company is aiming to restrict the sudoer privilege very strict and for each computer individually.
Therefore for windows we have stared to create goups for this purpose e.g. secLoaclAdmin-DEVMACHINE01
In the Windows policies we are able to substitute the Hostname with a env variable %COMPUTERNAME% and thus in turn applies the correct group to the machines.

Unfortunately the adsys policy Ubuntu > Client management > Privilege Authorization > Client administrators is not honoring $HOSTNAME and only writes this as text into the file /etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf

Describe the ideal solution

Ideally this adsys policy would start to accept $HOSTNAME as a variable and processes this accordingly on the machine

Alternatives and current workarounds

we are creating a seperate GPO per machine which is leading to very cluttered GPO mgmt

Ubuntu users: System information

No response

Non Ubuntu users: System information

adsys version: adsysctl 0.14.1build1 adsysd 0.14.1build1
Distribution: Ubuntu 24.04 LTS (Nobel Numbat)

Additional information

No response

Double check your logs

• I have redacted any sensitive information from the logs

[didrocks]

That’s a sensible and interesting feature. Thanks for suggesting this!

I don’t think we have the time to work on it this immediately, but it can be a good first contribution for anyone interested if someone wants to beat us before we have a chance tackling this.

Tagging as such.