From imam.toufique at intel.com Wed Mar 10 18:39:35 2010
From: imam.toufique at intel.com (Toufique, Imam)
Date: Wed, 10 Mar 2010 16:39:35 -0700
Subject: [sudo-workers] sudo: unable to cache group --- from sudo 1.7.2.p5
Message-ID:

Hi!

I compiled sudo 1.7.2p5 and I am getting the following error:

host> sudo -l
sudo: unable to cache group nhm_042, already exists

has anyone seen this issue? If so, is there a fix for this?

Regards,
Imam toufique

From Todd.Miller at courtesan.com Wed Mar 10 20:49:38 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Wed, 10 Mar 2010 20:49:38 -0500
Subject: [sudo-workers] sudo: unable to cache group --- from sudo 1.7.2.p5
In-Reply-To: Your message of "Wed, 10 Mar 2010 16:39:35 MST."
References:
Message-ID: <201003110149.o2B1ncd0020068@core.courtesan.com>

In message so spake "Toufique, Imam" (imam.toufique):

> I compiled sudo 1.7.2p5 and I am getting the following error:
>
> host> sudo -l
> sudo: unable to cache group nhm_042, already exists
>
> has anyone seen this issue? If so, is there a fix for this?

That condition shouldn't be possible. Basically what is happening
is that sudo looked up the group by name in a cache (really a
red-black tree) and didn't find it but when it went to insert the
record a few lines later, there was already a record there.

Since sudo is single-threaded this shouldn't happen unless the
gr_name field in the struct returned by getgrnam() doesn't match
the name that was actually looked up.

You could add some debugging to sudo_getgrnam() in pwutil.c to
compare what is already in the cache to what getgrnam() returned.

 - todd

From bambenek.infosec at gmail.com Mon Mar 29 14:21:34 2010
From: bambenek.infosec at gmail.com (John C. A. Bambenek, GCIH, CISSP)
Date: Mon, 29 Mar 2010 13:21:34 -0500
Subject: [sudo-workers] Sudo Rule Expiration (bug #339)
Message-ID:

Was hoping to see sudo enhanced with ability to have sudo rules expire
at a given date/time. Submitted bug/enhancement #339. Is there any
interest in this?

I can code it up, but my free time sucks and don't want to clobber other work.

--
Sent from my mobile device

From maniac.nl at gmail.com Tue Mar 30 04:06:57 2010
From: maniac.nl at gmail.com (Mark Janssen)
Date: Tue, 30 Mar 2010 09:06:57 +0100
Subject: [sudo-workers] Sudo Rule Expiration (bug #339)
In-Reply-To:
References:
Message-ID: <531e3e4c1003300106m16cd9da3n7383c62149683663@mail.gmail.com>

On Mon, Mar 29, 2010 at 7:21 PM, John C. A. Bambenek, GCIH, CISSP wrote:
> Was hoping to see sudo enhanced with ability to have sudo rules expire
> at a given date/time. Submitted bug/enhancement #339. Is there any
> interest in this?
>
> I can code it up, but my free time sucks and don't want to clobber other work.

It would be nice to have this feature. Currently I add comment-entries
to all temporary sudoers rules (in LDAP) and set a calendar-reminder
for myself to remove them after expiration.

Having rules expire automatically would be nice. You'd still have to
remove them later manually, but at least they would be disabled.

--
Mark Janssen -- maniac(at)maniac.nl -- pgp: 0x357D2178 | ,''`. |
Unix / Linux Open-Source and Internet Consultant @ Snow.nl | : :' : |
Maniac.nl MarkJanssen.nl NerdNet.nl Unix.nl | `. `' |
Skype: markmjanssen ICQ: 129696007 irc: FooBar on undernet | `- |
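
The failure mode Todd describes in the "unable to cache group" thread (a lookup by name misses, then the insert collides because the returned gr_name differs from the name that was requested), as an added example that is not sudo's code and not part of any message above. It uses a linked list rather than a red-black tree, and the backend that answers to two spellings of one group is a constructed assumption, not a diagnosis of the reported system.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for struct group; only the field the thread discusses. */
struct grp { const char *gr_name; };

/* Tiny name-keyed cache (a linked list here, not a red-black tree). */
struct node { const struct grp *gr; struct node *next; };
static struct node *cache;

static const struct grp *cache_find(const char *name) {
    for (struct node *n = cache; n != NULL; n = n->next)
        if (strcmp(n->gr->gr_name, name) == 0)
            return n->gr;
    return NULL;
}

/* Insert keyed on the record's own gr_name; -1 means "already exists". */
static int cache_insert(const struct grp *gr) {
    if (cache_find(gr->gr_name) != NULL)
        return -1;
    struct node *n = malloc(sizeof(*n));
    if (n == NULL)
        return -2;
    n->gr = gr;
    n->next = cache;
    cache = n;
    return 0;
}

/* Constructed backend: accepts two spellings but always returns the
 * canonical gr_name (an assumed cause, for illustration only). */
static const struct grp canonical = { "nhm_042" };
static const struct grp *fake_getgrnam(const char *name) {
    int hit = strcmp(name, "nhm_042") == 0 || strcmp(name, "NHM_042") == 0;
    return hit ? &canonical : NULL;
}

/* 0 = cached or inserted, 1 = no such group, -1 = insert collision.
 * On collision, print the comparison suggested in the thread. */
static int cached_getgrnam(const char *name) {
    if (cache_find(name) != NULL)
        return 0;
    const struct grp *gr = fake_getgrnam(name);
    if (gr == NULL)
        return 1;
    int rc = cache_insert(gr);
    if (rc == -1)
        fprintf(stderr, "asked for \"%s\", got \"%s\"\n", name, gr->gr_name);
    return rc;
}
```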