From akaroumi at yahoo.com Sun Mar 1 15:52:58 2009
From: akaroumi at yahoo.com (Ahmed Karoumi)
Date: Sun, 1 Mar 2009 20:52:58 +0000 (GMT)
Subject: [sudo-users] Re : allow one user to run commands as another (ie: sudo -u other_user command) in sudoers
Message-ID: <126009.27848.qm@web25105.mail.ukl.yahoo.com>

----- Forwarded message ----
> From: Ahmed Karoumi
> To: Robin Holt
> Sent: Thursday, 26 February 2009, 14:21:03
> Subject: Re : [sudo-users] allow one user to run commands as another (ie: sudo -u other_user command) in sudoers
>
> ----- Original message ----
> > From: Robin Holt
> > To: ivar vasara
> > Cc: sudo-users at sudo.ws
> > Sent: Sunday, 22 February 2009, 06:21:55
> > Subject: Re: [sudo-users] allow one user to run commands as another (ie: sudo -u other_user command) in sudoers
> >
> > On Thu, Feb 19, 2009 at 04:06:07PM -0800, ivar vasara wrote:
> > > Hi all,
> > >
> > > I've been browsing the sudo-user archives for solutions to my problem and
> > > have found a few promising recent threads, but nothing exactly what I'm
> > > looking for. The sudoers man page looks promising, but a solution is far
> > > from clear for my quandary.
> > > I would like to allow the 'www-data' user to run commands as the
> > > 'capistrano' user without requiring a password, and without dropping to
> > > capistrano's shell (ie: not using 'su'). My attempts have all failed, and so
> > > far my best guess is the following clause in /etc/sudoers :
> > >
> > > www-data ALL=NOPASSWD: /usr/bin/sudo -u capistrano
> > >
> >
> > I am not sure this is what you want, but I just did
> >
> > www-data ALL=(ALL) NOPASSWD: /bin/su - capistrano
> >
> > and it did what I think you are asking for.
> >
> > Thanks,
> > Robin
> > ____________________________________________________________
> > sudo-users mailing list
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users

Example to see capistrano's crontab, try this:

www-data ALL=(capistrano) NOPASSWD: /bin/crontab -l capistrano

add this line for each command that you want to authorize with sudo privilege, or use Cmnd_Alias to give a list of commands:

Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm, ...
www-data ALL=(capistrano) NOPASSWD: PRINTING

Regards,
Ahmed.

From priyanka-h.verma at hp.com Mon Mar 2 08:27:20 2009
From: priyanka-h.verma at hp.com (Verma, Priyanka H)
Date: Mon, 2 Mar 2009 13:27:20 +0000
Subject: [sudo-users] query-Does /etc/ldap.conf file changes depending upon ldap client used while building sudo
Message-ID: <37CF5EFF11DA5C4E859123EF0477D7B85007B65439@GVW1104EXC.americas.hpqcorp.net>

Hi All,

I'm trying to use Sudo with Ldap-UX. I'm successful in building and running sudo with Ldap-UX. However sudo binaries are still using /etc/ldap.conf file to bind to ldap server.

By default Ldap-UX client configuration file is /etc/opt/ldapux/ldapux_client.conf which stores server details in the format:

Service: NSS
LDAP_HOSTPORT="127.0.0.0:389"
PROFILE_ENTRY_DN="cn=Manager,dc=example,dc=com"
PROGRAM="/opt/ldapux/config/create_profile_cache"

However Sudo doesn't detect Ldap with this format. What should I do to make sudo read /etc/opt/ldapux/ldapux_client.conf for binding with server?

Thanks and Regards
-Priyanka

From Todd.Miller at courtesan.com Mon Mar 2 10:16:59 2009
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Mon, 02 Mar 2009 10:16:59 -0500
Subject: [sudo-users] query-Does /etc/ldap.conf file changes depending upon ldap client used while building sudo
In-Reply-To: Your message of "Mon, 02 Mar 2009 13:27:20 GMT."
<37CF5EFF11DA5C4E859123EF0477D7B85007B65439@GVW1104EXC.americas.hpqcorp.net>
References: <37CF5EFF11DA5C4E859123EF0477D7B85007B65439@GVW1104EXC.americas.hpqcorp.net>
Message-ID: <200903021517.n22FGxoS016568@core.courtesan.com>

In message <37CF5EFF11DA5C4E859123EF0477D7B85007B65439 at GVW1104EXC.americas.hpqcorp.net>
so spake "Verma, Priyanka H" (priyanka-h.verma):

> However Sudo doesn't detect Ldap with this format.
> What should I do to make sudo read /etc/opt/ldapux/ldapux_client.conf
> for binding with server?

Run configure with the:

--with-ldap-conf-file=/etc/opt/ldapux/ldapux_client.conf

option.

 - todd

From priyanka-h.verma at hp.com Tue Mar 3 03:24:55 2009
From: priyanka-h.verma at hp.com (Verma, Priyanka H)
Date: Tue, 3 Mar 2009 08:24:55 +0000
Subject: [sudo-users] query-Does /etc/ldap.conf file changes depending upon ldap client used while building sudo
In-Reply-To: <200903021517.n22FGxoS016568@core.courtesan.com>
Message-ID: <37CF5EFF11DA5C4E859123EF0477D7B850092BE289@GVW1104EXC.americas.hpqcorp.net>

Sudo is reading the /etc/opt/ldapux/ldapux_client.conf file however it does not interpret the ldap server ip and port number from the format of entries as specified in the ldapux_client.conf

Example of ldapux_client entry:

Service: NSS
LDAP_HOSTPORT="127.0.0.0:389"
PROFILE_ENTRY_DN="cn=Manager,dc=example,dc=com"
PROGRAM="/opt/ldapux/config/create_profile_cache"

Ldap-UX is already configured with ldap server and has entries for server ip and port but still I had to manually add the server ip and port number in the format used by /etc/ldap.conf ie

base dc=example, dc=com
sudoers_base ou=SUDOers,dc=example,dc=com
URI ldap://127.0.0.0

How can I make sudo understand contents of ldapux_client.conf so it can extract server ip address and port from already present entries?

-----Original Message-----
From: Todd C.
Miller [mailto:Todd.Miller at courtesan.com]
Sent: Monday, March 02, 2009 8:47 PM
To: Verma, Priyanka H
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] query-Does /etc/ldap.conf file changes depending upon ldap client used while building sudo

In message <37CF5EFF11DA5C4E859123EF0477D7B85007B65439 at GVW1104EXC.americas.hpqcorp.net>
so spake "Verma, Priyanka H" (priyanka-h.verma):

> However Sudo doesn't detect Ldap with this format.
> What should I do to make sudo read /etc/opt/ldapux/ldapux_client.conf
> for binding with server?

Run configure with the:

--with-ldap-conf-file=/etc/opt/ldapux/ldapux_client.conf

option.

 - todd

From Todd.Miller at courtesan.com Tue Mar 3 05:43:35 2009
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Tue, 03 Mar 2009 05:43:35 -0500
Subject: [sudo-users] query-Does /etc/ldap.conf file changes depending upon ldap client used while building sudo
In-Reply-To: Your message of "Tue, 03 Mar 2009 08:24:55 GMT." <37CF5EFF11DA5C4E859123EF0477D7B850092BE289@GVW1104EXC.americas.hpqcorp.net>
References: <37CF5EFF11DA5C4E859123EF0477D7B850092BE289@GVW1104EXC.americas.hpqcorp.net>
Message-ID: <200903031043.n23AhZxn012446@core.courtesan.com>

That is because sudo reads ldap.conf itself (there is no standard library for this) so you have to use the format specified in README.LDAP (or sudoers.ldap in 1.7.0).

 - todd

From eric.freeman at tbwachiat.com Tue Mar 10 15:10:57 2009
From: eric.freeman at tbwachiat.com (Eric Freeman)
Date: Tue, 10 Mar 2009 15:10:57 -0400
Subject: [sudo-users] Sudo LDAP hp-ux
Message-ID:

We are running LDAPUX B.04.00, on HP-UX B.11.11. We are authenticating against LDAP without any issues.

I want to point sudo v1.70 to authenticate against ldap. According to the sudo documentation I need to add the following lines to /etc/ldap.conf. It appears on hp-ux I need to modify the /usr/local/etc/openldap/ldap.conf file. I believe this is where you need to put the sudoers_base file and the host of the ldap server.
I have modified both files but sudo does not appear to be talking to my ldap server.

I have edited my nsswitch.conf file per the manual.

I have also edited /etc/pam.conf file with

sudo account sufficient /usr/lib/security/libpam_unix.1
sudo account required /usr/lib/security/libpam_ldap.1

I have put the defaults user inside of the sudoers container inside of ldap. But, when I run the sudo command I don't see it talking to my ldap server.

I installed sudo as a depot and it appears to have been configured with ldap support

aptest:/usr/local/etc/openldap # sudo -V | head
Sudo version 1.7.0
Sudoers path: /usr/local/etc/sudoers
Authentication methods: 'pam'

Any help would be appreciated.

Thank you

Advertising Age Global Agency of the Year 2008
Adweek Global Agency of the Year 2008

This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to disclaimer at tbwachiat.com and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation.

From Todd.Miller at courtesan.com Tue Mar 10 16:12:13 2009
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Tue, 10 Mar 2009 16:12:13 -0400
Subject: [sudo-users] Sudo LDAP hp-ux
In-Reply-To: Your message of "Tue, 10 Mar 2009 15:10:57 EDT."
References:
Message-ID: <200903102012.n2AKCDP4028943@core.courtesan.com>

In message so spake Eric Freeman (eric.freeman):

> We are running LDAPUX B.04.00, on HP-UX B.11.11. We are authenticating
> against LDAP without any issues.
> I want to point sudo v1.70 to authenticate against ldap. According to the
> sudo documentation I need to add the following lines to /etc/ldap.conf.
> It
> appears on hp-ux I need to modify the /usr/local/etc/openldap/ldap.conf
> file. I believe this is where you need to put the sudoers_base file and the
> host of the ldap server. I have modified both files but sudo does not appear
> to be talking to my ldap server.

Try running this:

# sudo -V | grep ldap

You should get output like:

ldap.conf path: /etc/ldap.conf
ldap.secret path: /etc/ldap.secret

If you don't see an ldap.conf in the output your sudo was not compiled with ldap support.

> I have edited my nsswitch.conf file per the manual.

You have an entry in /etc/nsswitch.conf that looks like this?

sudoers: ldap files

 - todd

From smabjish at yahoo.com Tue Mar 10 17:15:31 2009
From: smabjish at yahoo.com (Sam Mabjish)
Date: Tue, 10 Mar 2009 14:15:31 -0700 (PDT)
Subject: [sudo-users] SUDO PERMISSIONS
Message-ID: <444264.4833.qm@web110803.mail.gq1.yahoo.com>

Hi to ALL,

I want to give an operator the ability to change passwords and unlock userids on my unix server. Is there a way in sudo to limit the execution of passwd, and make it only change the password of a group of userids that I specify or define?
i.e. I don't want the operator to be able to change the passwords for all the users defined on the system. I want him only to be able to change the password for a group of users?
If there is a way in sudo, could you please give me the syntax?

Thank you all in advance
sam

From russell+sudo-users at loosenut.com Wed Mar 11 17:21:13 2009
From: russell+sudo-users at loosenut.com (Russell Van Tassell)
Date: Wed, 11 Mar 2009 13:21:13 -0800
Subject: [sudo-users] SUDO PERMISSIONS
In-Reply-To: <444264.4833.qm@web110803.mail.gq1.yahoo.com>
References: <444264.4833.qm@web110803.mail.gq1.yahoo.com>
Message-ID: <20090311212113.GB1444@fubar.loosenut.com>

Honestly, sounds like a job better suited for a simple perl / shell script.
On Tue, Mar 10, 2009 at 02:15:31PM -0700, Sam Mabjish wrote:
> Hi to ALL,
>
> I want to give an operator the ability to change passwords and unlock userids on my unix server. Is there a way in sudo to limit the execution of passwd, and make it only change the password of a group of userids that I specify or define?
> i.e. I don't want the operator to be able to change the passwords for all the users defined on the system. I want him only to be able to change the password for a group of users?
> If there is a way in sudo, could you please give me the syntax?
>
> Thank you all in advance
> sam

-- 
Russell M. Van Tassell
russell at loosenut.com

"That married couples can live together day after day is a miracle that the Vatican has overlooked." -- Bill Cosby

From Chris.Schrimshaw at kub.org Wed Mar 11 17:41:22 2009
From: Chris.Schrimshaw at kub.org (Chris.Schrimshaw at kub.org)
Date: Wed, 11 Mar 2009 17:41:22 -0400
Subject: [sudo-users] SUDO PERMISSION'S for AIX
Message-ID:

I have a question that hopefully can be answered.

I have 5 individuals that have been given the "OK" to increase the size of a file system using smitty. Until today, they have had root access which allowed them the permission to increase the size of any given file system. I was given the task to get them their access back by using sudo instead of having root access. Does anybody know the right syntax for the sudoers file to make this happen?

Thanks
Chris

___________________
Chris Schrimshaw
AIX Systems Administrator
Office: (865) 558-2017
Fax: (865) 558-2808

From jakrainer at yahoo.com Thu Mar 12 04:08:34 2009
From: jakrainer at yahoo.com (Jackson Afonso Krainer)
Date: Thu, 12 Mar 2009 01:08:34 -0700 (PDT)
Subject: [sudo-users] SUDO PERMISSION'S for AIX
In-Reply-To:
Message-ID: <728598.20848.qm@web52112.mail.re2.yahoo.com>

Chris,

If you configure sudo to allow them to use smitty they will be able to do everything that they can do today, even shell escape to a root shell through esc+9 keys.
To only allow them to change the size of a filesystem you can configure the command /usr/sbin/chfs on their sudo profile. With this command they will be able to manually extend a filesystem as follows:

sudo chfs -a size=+1G /filesystem    - to increase /filesystem by 1 GB

Best regards,
Jackson

--- On Wed, 11/3/09, Chris.Schrimshaw at kub.org wrote:

> From: Chris.Schrimshaw at kub.org
> Subject: [sudo-users] SUDO PERMISSION'S for AIX
> To: sudo-users at sudo.ws
> Date: Wednesday, 11 March 2009, 14:41
> I have a question that hopefully can be answered.
>
> I have 5 individuals that have been given the "OK" to increase the size of
> a file system using smitty. Until today, they have had root access which
> allowed them the permission to increase the size of any given file system.
> I was given the task to get them their access back by using sudo instead
> of having root access. Does anybody know the right syntax for the sudoers
> file to make this happen?
>
> Thanks
> Chris
>
> ___________________
> Chris Schrimshaw
> AIX Systems Administrator
> Office: (865) 558-2017
> Fax: (865) 558-2808
> ____________________________________________________________
>
> sudo-users mailing list
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

From don.ernsdorff at lmco.com Mon Mar 16 22:23:31 2009
From: don.ernsdorff at lmco.com (Ernsdorff, Don)
Date: Mon, 16 Mar 2009 22:23:31 -0400
Subject: [sudo-users] "Defaults!" gives "syntax error"
Message-ID:

Hello. We have Sudo version 1.6.9p15 installed.

I'm trying to set up a "Defaults!", but no matter what I try, I always get a "syntax error".

I've got the following in my "sudoers" file:

Cmnd_Alias SMM = /home/users/tools/smm
Defaults!SMM noexec

Any idea what's wrong? Is this feature not working/available in my Sudo version?

Thanks!
Don Ernsdorff

From Todd.Miller at courtesan.com Tue Mar 17 06:53:53 2009
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Tue, 17 Mar 2009 06:53:53 -0400
Subject: [sudo-users] "Defaults!" gives "syntax error"
In-Reply-To: Your message of "Mon, 16 Mar 2009 22:23:31 EDT."
References:
Message-ID: <200903171053.n2HArrwO001770@core.courtesan.com>

In message so spake "Ernsdorff, Don" (don.ernsdorff):

> Hello. We have Sudo version 1.6.9p15 installed.
>
> I'm trying to set up a "Defaults!", but no matter what I try,
> I always get a "syntax error".

That feature is only available in sudo 1.7.0 and higher.

 - todd

From camattern at gmail.com Thu Mar 26 14:15:24 2009
From: camattern at gmail.com (Chuck Mattern)
Date: Thu, 26 Mar 2009 14:15:24 -0400
Subject: [sudo-users] Sudo and shared memory permissions
Message-ID:

Greetings,

We're working on a migration from HP-UX to RHEL 4u7 and in the process from a home grown sudo type utility to sudo 1.6.8. Some of the programs we are working with use shared memory for state information and message passing. One program (at least one that we know of so far) in particular is challenging me as, after the sudo privilege escalation, it cannot attach to the desired shared memory segment. I have run it through strace and found that the exact same code that gets a successful shmat under the home grown utility (whether run under HP or RHEL) gets a permission denied under sudo.

We have looked into some basic environmental differences based on the FAQ but found nothing to explain this other than possibly the fact that sudo does a more thorough job making the new process really run as user fred and group fred. Since the owner of the segment in question is user barney, primary group users (a hold over from the HP system) and the permissions on the segment are 664 we set fred's primary group to users but to no avail.

Any thoughts or suggestions would be appreciated.

Regards,
Chuck

-- 
Sent from my Android phone with K-9.
Please excuse my brevity.

From eric.freeman at tbwachiat.com Fri Mar 27 11:50:49 2009
From: eric.freeman at tbwachiat.com (Eric Freeman)
Date: Fri, 27 Mar 2009 11:50:49 -0400
Subject: [sudo-users] SETENV
Message-ID:

Since upgrading to sudo-1.7.0 and turning on LDAP (I don't think this point is relevant since it is a local user) it appears the users environment variables are not being honored.

I was reading the man pages and using google but I need some help. I am running sudo-1.7.0 on HPUX 11.11

I modified the /etc/sudoers to look like:

ALL ALL=(ALL) SETENV: ALL

However, this is not working.

When I run sudo -E I receive the following error:

sudo: sorry, you are not allowed to preserve the environment

I believe I need to change something in the above line in /etc/sudoers.

Thank you for your help.

From Todd.Miller at courtesan.com Fri Mar 27 12:01:46 2009
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Fri, 27 Mar 2009 12:01:46 -0400
Subject: [sudo-users] SETENV
In-Reply-To: Your message of "Fri, 27 Mar 2009 11:50:49 EDT."
References:
Message-ID: <200903271601.n2RG1kAp020528@core.courtesan.com>

In message so spake Eric Freeman (eric.freeman):

> Since upgrading to sudo-1.7.0 and turning on LDAP (I don't think this point
> is relevant since it is a local user) it appears the users environment
> variables are not being honored.
>
> I was reading the man pages and using google but I need some help. I am
> running sudo-1.7.0 on HPUX 11.11
>
> I modified the /etc/sudoers to look like:
>
> ALL ALL=(ALL) SETENV: ALL
>
> However, this is not working.
>
> When I run sudo -E I receive the following error:
>
> sudo: sorry, you are not allowed to preserve the environment
>
> I believe I need to change something in the above line in /etc/sudoers.

That line looks correct, perhaps there is another sudoers line that is overriding it. What does the output of "sudo -l" show?

Note that you can change the environment handling to be more like versions of sudo prior to 1.6.9 with a line like:

Defaults !env_reset

in sudoers, though there are security consequences. The "SECURITY NOTES" section of the manual talks a little bit about this.

 - todd

From eric.freeman at tbwachiat.com Fri Mar 27 12:36:51 2009
From: eric.freeman at tbwachiat.com (Eric Freeman)
Date: Fri, 27 Mar 2009 12:36:51 -0400
Subject: [sudo-users] SETENV
In-Reply-To: <200903271601.n2RG1kAp020528@core.courtesan.com>
Message-ID:

I removed the SETENV line since it didn't appear to be working and added the Defaults !env_reset line. Everything is working now. Is there a better way to accomplish this without weakening the sudo security?

Thanks

sudo -l
Matching Defaults entries for root on this host:
    log_year, logfile=/var/adm/syslog/sudo.log, !env_reset, logfile=/var/adm/syslog/sudo.log, log_year

Runas and Command-specific defaults for root:

User root may run the following commands on this host:
    (ALL) ALL
    (root) NOPASSWD: /usr/sbin/mount, (root) /usr/sbin/umount, (root) /usr/sbin/pfs_mount, (root) /usr/sbin/pfs_umount, (root) /usr/sbin/pfsd
    (root) (ALL) ALL

On 3/27/09 12:01 PM, "Todd C. Miller" wrote:

> In message
> so spake Eric Freeman (eric.freeman):
>
>> Since upgrading to sudo-1.7.0 and turning on LDAP (I don't think this point
>> is relevant since it is a local user) it appears the users environment
>> variables are not being honored.
>>
>> I was reading the man pages and using google but I need some help. I am
>> running sudo-1.7.0 on HPUX 11.11
>>
>> I modified the /etc/sudoers to look like:
>>
>> ALL ALL=(ALL) SETENV: ALL
>>
>> However, this is not working.
>>
>> When I run sudo -E I receive the following error:
>>
>> sudo: sorry, you are not allowed to preserve the environment
>>
>> I believe I need to change something in the above line in /etc/sudoers.
>
> That line looks correct, perhaps there is another sudoers line
> that is overriding it. What does the output of "sudo -l" show?
>
> Note that you can change the environment handling to be more like
> versions of sudo prior to 1.6.9 with a line like:
>
> Defaults !env_reset
>
> in sudoers, though there are security consequences. The "SECURITY
> NOTES" section of the manual talks a little bit about this.
>
> - todd
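The following is an added example, not code from this list or from the sudo project: a small Python model of how sudoers user specifications are matched, written to illustrate two points made in the threads above. First, Ahmed's entries pin the Runas user with `(capistrano)` and list the permitted commands directly or through a `Cmnd_Alias`; a command listed with arguments matches only those exact arguments, while one listed without arguments matches any. Second, Todd's remark in the SETENV thread that another sudoers line may be overriding Eric's `SETENV:` entry: when several entries match, sudo applies them in order and the last match wins. The model also applies the sudoers(5) rule that the command `ALL` implies `SETENV` unless `NOSETENV` is given. It covers only that subset (no wildcards, `!` negation, groups, netgroups, `Defaults` or LDAP), and the sample sudoers text is constructed for the example.

```python
"""Minimal model of sudoers user-spec matching (illustrative, not sudo's
parser): Runas, NOPASSWD/SETENV tags, Cmnd_Alias, exact-argument commands
and last-match-wins.  Wildcards, '!', groups, Defaults, LDAP are omitted."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Tags that may prefix a command in a Cmnd_List.
_TAG_RE = re.compile(r"^(NOPASSWD|PASSWD|SETENV|NOSETENV|NOEXEC|EXEC):\s*")


@dataclass
class Cmnd:
    path: str                 # "ALL" or an absolute path
    args: Optional[str]       # None = any arguments; "" = no arguments allowed
    passwd: bool              # False after a NOPASSWD: tag
    setenv: Optional[bool]    # None = not specified (ALL then implies SETENV)


@dataclass
class UserSpec:
    user: str                 # "ALL" or a login name
    host: str                 # "ALL" or a host name
    runas: str                # "ALL" or a user name; "root" when omitted
    cmnds: List[Cmnd]


def _parse_cmnd_list(text: str, aliases: Dict[str, List[str]]) -> List[Cmnd]:
    """Split a Cmnd_List, expanding Cmnd_Alias names.  As in sudoers, a tag
    persists for the rest of the list until another tag overrides it."""
    passwd, setenv = True, None
    out: List[Cmnd] = []
    for item in (i.strip() for i in text.split(",")):
        while True:                                # strip any TAG: prefixes
            m = _TAG_RE.match(item)
            if not m:
                break
            tag = m.group(1)
            if tag in ("NOPASSWD", "PASSWD"):
                passwd = tag == "PASSWD"
            elif tag in ("SETENV", "NOSETENV"):
                setenv = tag == "SETENV"           # NOEXEC/EXEC accepted, not modelled
            item = item[m.end():]
        for member in aliases.get(item, [item]):   # an alias expands to its members
            path, sep, args = member.partition(" ")
            args = args.strip() if sep else None
            if args == '""':                       # sudoers: "" means no arguments
                args = ""
            out.append(Cmnd(path, args, passwd, setenv))
    return out


def parse_sudoers(text: str) -> List[UserSpec]:
    """Parse Cmnd_Alias and user-specification lines of the modelled subset."""
    aliases: Dict[str, List[str]] = {}
    specs: List[UserSpec] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue                               # Defaults are out of scope here
        if line.startswith("Cmnd_Alias"):
            name, _, members = line[len("Cmnd_Alias"):].partition("=")
            aliases[name.strip()] = [m.strip() for m in members.split(",")]
            continue
        lhs, _, rhs = line.partition("=")
        user, host = lhs.split()
        rhs = rhs.strip()
        runas = "root"                             # no Runas_Spec: root only
        m = re.match(r"\(([^)]*)\)\s*", rhs)
        if m:                                      # "(user)" or "(user : group)"; group ignored
            runas = m.group(1).split(":")[0].strip()
            rhs = rhs[m.end():]
        specs.append(UserSpec(user, host, runas, _parse_cmnd_list(rhs, aliases)))
    return specs


def check(specs: List[UserSpec], user: str, runas: str, argv: List[str],
          host: str = "ALL") -> Tuple[bool, bool, bool]:
    """(allowed, password_required, setenv_allowed) for `user` running `argv`
    as `runas`.  All matching entries are applied in order; the last match
    wins, so a later line can override the tags of an earlier one."""
    result = (False, True, False)
    for spec in specs:
        if spec.user not in ("ALL", user) or spec.host not in ("ALL", host):
            continue
        if spec.runas not in ("ALL", runas):
            continue
        for c in spec.cmnds:
            if c.path != "ALL":
                if c.path != argv[0]:
                    continue
                if c.args is not None and c.args != " ".join(argv[1:]):
                    continue                       # listed args must match exactly
            setenv = c.setenv if c.setenv is not None else c.path == "ALL"
            result = (True, c.passwd, setenv)
    return result


SAMPLE_SUDOERS = """\
# constructed sample, modelled on the entries quoted in the threads above
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
www-data ALL=(capistrano) NOPASSWD: /bin/crontab -l capistrano
www-data ALL=(capistrano) NOPASSWD: PRINTING
eric     ALL=(ALL) SETENV: /usr/bin/env
eric     ALL=(ALL) /usr/bin/env
"""

if __name__ == "__main__":
    specs = parse_sudoers(SAMPLE_SUDOERS)
    for user, runas, argv in [
        ("www-data", "capistrano", ["/bin/crontab", "-l", "capistrano"]),
        ("www-data", "capistrano", ["/bin/crontab", "-e", "capistrano"]),
        ("www-data", "root", ["/bin/crontab", "-l", "capistrano"]),
        ("www-data", "capistrano", ["/usr/bin/lprm", "42"]),
        ("eric", "root", ["/usr/bin/env"]),
    ]:
        print(user, runas, " ".join(argv), "->", check(specs, user, runas, argv))
```

Run directly it prints the decision for each constructed case. The two `eric` lines show the override Todd describes: the later `(ALL) /usr/bin/env` entry carries no `SETENV:` tag and is the last match, so `sudo -E /usr/bin/env` is refused even though the earlier line grants it. What sudo itself decided on a real system is still what `sudo -l` is for; the model only makes the matching order visible.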
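Added example for the two LDAP threads above (Priyanka's LDAP-UX question and Eric's HP-UX one); it is illustrative code, not sudo's own reader. Todd's answer is that sudo parses ldap.conf itself, so pointing `--with-ldap-conf-file` at `ldapux_client.conf` makes sudo open that file but recognise nothing in it. The code below models sudo's `keyword value` reader over a subset of keywords (the key set is my selection, and treating the pam_ldap/nss_ldap `base` setting as not a sudo keyword is an assumption), parses the LDAP-UX `KEY="value"` style separately, converts `LDAP_HOSTPORT` into a `uri` line (port 636 taken to mean `ldaps`, also an assumption; the `sudoers_base` must be supplied, because `PROFILE_ENTRY_DN` is the client profile entry, not the SUDOers container), and implements Todd's `sudo -V | grep ldap` check over captured `-V` output. All sample inputs are constructed from the formats quoted in the messages.

```python
"""sudo reads its ldap.conf itself, as 'keyword value' lines; LDAP-UX's
KEY="value" file is not that format.  Illustrative code, not sudo's."""
import re
from typing import Dict, Optional

# Subset of keywords sudo's ldap.conf reader accepts (see sudoers.ldap).
# 'base' (pam_ldap/nss_ldap search base) is deliberately not in this set.
SUDO_LDAP_KEYS = {"uri", "host", "port", "sudoers_base", "sudoers_debug",
                  "binddn", "bindpw", "ssl", "ldap_version", "tls_cacertfile"}


def parse_sudo_ldap_conf(text: str) -> Dict[str, str]:
    """'keyword value' per line, keyword case-insensitive, '#' comments.
    Lines of any other shape are ignored, which is why sudo can open an
    LDAP-UX style file and still have no server to talk to."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in SUDO_LDAP_KEYS:
            conf[parts[0].lower()] = parts[1].strip()
    return conf


def parse_ldapux_conf(text: str) -> Dict[str, str]:
    """LDAP-UX ldapux_client.conf style: KEY="value" lines; section headers
    such as 'Service: NSS' are skipped."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        m = re.match(r'^\s*([A-Z_][A-Z0-9_]*)="([^"]*)"\s*$', raw)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def ldapux_to_sudo_ldap_conf(ldapux: Dict[str, str], sudoers_base: str) -> str:
    """Build the minimal sudo ldap.conf from LDAP_HOSTPORT.  The sudoers
    container is passed in: PROFILE_ENTRY_DN names the client profile
    entry, not the ou=SUDOers container, so it cannot be derived."""
    hostport = ldapux["LDAP_HOSTPORT"]
    host, sep, port = hostport.rpartition(":")
    if not sep:                                   # no port given: LDAP default
        host, port = hostport, "389"
    scheme = "ldaps" if port == "636" else "ldap"  # assumption: 636 means LDAPS
    return f"uri {scheme}://{host}:{port}\nsudoers_base {sudoers_base}\n"


def ldap_conf_path_from_sudo_v(output: str) -> Optional[str]:
    """Todd's check: an 'ldap.conf path:' line in 'sudo -V' output means
    sudo was built with LDAP support; None means it was not."""
    for line in output.splitlines():
        if line.startswith("ldap.conf path:"):
            return line.split(":", 1)[1].strip()
    return None


# Constructed samples, copied from the formats quoted in the threads above.
LDAPUX_SAMPLE = """\
Service: NSS
LDAP_HOSTPORT="127.0.0.0:389"
PROFILE_ENTRY_DN="cn=Manager,dc=example,dc=com"
PROGRAM="/opt/ldapux/config/create_profile_cache"
"""
SUDO_SAMPLE = """\
base dc=example, dc=com
sudoers_base ou=SUDOers,dc=example,dc=com
URI ldap://127.0.0.0
"""
SUDO_V_WITH_LDAP = """\
Sudo version 1.7.0
Sudoers path: /usr/local/etc/sudoers
ldap.conf path: /etc/ldap.conf
ldap.secret path: /etc/ldap.secret
"""

if __name__ == "__main__":
    print("LDAP-UX file as sudo sees it:", parse_sudo_ldap_conf(LDAPUX_SAMPLE))
    print("sudo-style file:", parse_sudo_ldap_conf(SUDO_SAMPLE))
    print(ldapux_to_sudo_ldap_conf(parse_ldapux_conf(LDAPUX_SAMPLE),
                                   "ou=SUDOers,dc=example,dc=com"))
```

The first print shows the empty result Priyanka ran into: the file is read, but none of its lines has the shape sudo looks for. The converter is the one-time translation she ended up doing by hand, with the container DN kept as an explicit input.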
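Added example for Sam's passwd question, following Russell's suggestion of a script rather than a sudoers rule; it is not from the thread and every name in it is hypothetical. A sudoers entry cannot express "only these accounts" safely: sudoers matches command arguments as one space-separated string, so a wildcard rule such as `/usr/bin/passwd [a-z]*` also matches `passwd alice root`. The wrapper below is the single command the operator is granted; it decides which accounts may be touched (members of the hypothetical group `helpdesk-managed`), refuses any uid 0 account and anything that does not look like a plain login name, and then execs `passwd` with a fixed argument vector. The policy is a pure function so it can be tested without a real password database; the unlock action uses the shadow-utils `passwd -u` flag (Linux assumption; other Unix flavours unlock accounts differently).

```python
"""Hypothetical wrapper that sudo can grant instead of /usr/bin/passwd:
an operator may change or unlock passwords only for members of one group.
Illustrative code following the thread's script suggestion; not from sudo,
and the group name and paths below are assumptions."""
import grp
import os
import pwd
import re
import sys
from typing import Callable, Iterable, Optional, Set

ALLOWED_GROUP = "helpdesk-managed"          # hypothetical group of managed accounts
PASSWD = "/usr/bin/passwd"                  # assumed path; adjust per platform
_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def managed_users(group: str = ALLOWED_GROUP) -> Set[str]:
    """Explicit members of `group` plus users whose primary gid is the group."""
    g = grp.getgrnam(group)
    users = set(g.gr_mem)
    users.update(p.pw_name for p in pwd.getpwall() if p.pw_gid == g.gr_gid)
    return users


def decide(target: str, members: Iterable[str],
           uid_of: Callable[[str], Optional[int]]) -> Optional[str]:
    """Policy as a pure function: None if `target` may be managed, otherwise
    the reason for refusal.  Lookups are injected so it can be tested offline."""
    if not _NAME_RE.match(target):
        return "invalid user name"          # rejects '-d', 'alice root', etc.
    uid = uid_of(target)
    if uid is None:
        return "no such user"
    if uid == 0:
        return "refusing uid 0 account"     # root and any other uid 0 login
    if target not in set(members):
        return f"{target} is not in {ALLOWED_GROUP}"
    return None


def _system_uid(name: str) -> Optional[int]:
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def main(argv) -> int:
    if len(argv) == 2:
        action, target = "change", argv[1]
    elif len(argv) == 3 and argv[1] == "unlock":
        action, target = "unlock", argv[2]
    else:
        print("usage: chpass-limited [unlock] USER", file=sys.stderr)
        return 2
    reason = decide(target, managed_users(), _system_uid)
    if reason:
        print(f"chpass-limited: {reason}", file=sys.stderr)
        return 1
    # Fixed argument vector and no shell: the validated name cannot be read
    # as an option.  '-u' is the shadow-utils passwd unlock flag (Linux
    # assumption; other Unix flavours use different commands to unlock).
    cmd = [PASSWD, "-u", target] if action == "unlock" else [PASSWD, target]
    os.execv(PASSWD, cmd)                   # replaces this process with passwd
    return 1                                # not reached


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Install it root-owned and not writable by the operator (say at the hypothetical path `/usr/local/sbin/chpass-limited`) and grant only that command, for example `operator ALL=(root) /usr/local/sbin/chpass-limited`. Because the wrapper takes its policy from group membership, adding or removing a managed account is an edit to the group, not to sudoers.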