[sudo-users] Please help
Simon K
k_simon78 at yahoo.com
Fri Sep 28 07:37:26 EDT 2012
Hi All ,
Machine : HP-UX
Architecture : 11.31
Sudo Version : 1.7.10b1
Sudo does not adequately filter out the information provided by the
DISPLAY_LAST_LOGIN variable in /etc/default/security and also corrupts the
formatting of the output of the command being run when non-su-like commands are
run through sudo.
Example:
# sudo ls /stand
Last
successful login: Mon Sep 24 10:31:14 MDT
2012
Last authentication failure: Fri Aug 24 07:02:23 MDT 2012
user-xxxx-yyy.com
.kc.lock
current
last_install vmunix
backup
ext_ioconfig
lost+found vpdb
boot.sys
ext_ioconfig.lkg
nextboot vpdb.100608
bootconf
ioconfig rootconf
vpdb.b4.upgrade
bootfs
ioconfig.lkg
system vpmon
crashconfig
krs
system.prev
Note
the printing of the last login information AND the formatting problems on the
2nd and 3rd lines of output - all for an ls command, which is not a command for
which one would need to see last login information. The only way I can
'fix' this is to disable the DISPLAY_LAST_LOGIN setting in
/etc/default/security, which is really little more than a band-aid fix for the
real problem. This does not occur on other flavors of UNIX, so this is
apparently something specific to HP-UX. Is this a by-design feature with
the Sudo tool, or is there some plan to fix this?
Here
is my current sudoers configuration:
Defaults
env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
Defaults
log_output
Defaults
log_input
Defaults
iolog_dir=/var/log/sudo-io/%{user}
Defaults!/usr/bin/sudoreplay
!log_output
Defaults!/usr/local/bin/sudoreplay
!log_output
Defaults!/sbin/reboot
!log_output
Defaults
always_set_home
Defaults
env_reset
Defaults
syslog=auth
Defaults
loglinelen=0
Defaults
!lecture
Defaults
!authenticate
Defaults
log_year, log_host, logfile=/var/adm/sudo/sudo.log
root
ALL=(ALL) ALL
ALL
ALL=(ALL) NOPASSWD: ALL
If
you have any guidance you could lend, I would greatly appreciate the
assistance.
Waiting for the response.
Thanks & Regards,
Simon K
More information about the sudo-users
mailing list