RE: sudo-users at sudo.ws
Boehler, Joe
Joe.Boehler at agedwards.com
Wed Apr 24 11:13:14 EDT 2002
FYI:
Richard Wright got me pointed in the right direction by suggesting I include
"set -x" in the script sudo was attempting to execute.
Once I did that, the problem became obvious. The user was sudo executing a
script which called another script and did a sudo command execution within
the second script.
The resolution wasn't elegant, but it worked. I added root to the sudoers.
Thanks Richard!
Joe
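The nested call described above (a script started through sudo that itself runs sudo, so sudo looks up root in sudoers) can also be located without executing anything. The following is an added example, not code from the thread: a heuristic static scan whose function names are hypothetical and which assumes script paths contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the thread: heuristic static scan for sudo calls
# nested inside a script that is itself run through sudo.

# _scan FILE: report sudo calls in FILE, then follow scripts it references.
_scan() {
    f=$1
    case " $_seen " in *" $f "*) return 0 ;; esac   # already visited
    _seen="$_seen $f"
    [ -r "$f" ] || return 0
    # Lines where "sudo" appears as a command word, minus comment lines.
    grep -nE '(^|[;&|(`[:space:]])sudo([[:space:]]|$)' "$f" |
        grep -vE '^[0-9]+:[[:space:]]*#' | sed "s|^|$f:|"
    # Follow absolute paths that point at executable shell scripts.
    for p in $(grep -v '^[[:space:]]*#' "$f" |
               grep -oE '/[A-Za-z0-9_./-]+' | sort -u); do
        if [ -f "$p" ] && [ -x "$p" ] && head -n 1 "$p" | grep -q '^#!.*sh'; then
            _scan "$p"
        fi
    done
    return 0
}

# find_nested_sudo SCRIPT: print "file:line:text" for every sudo call reachable
# from SCRIPT. When SCRIPT is started with sudo, each hit runs as root, so
# sudo checks whether root is listed in sudoers.
find_nested_sudo() {
    _seen=""
    _scan "$1"
}
```

Each reported line is a candidate for removing the inner sudo or for running the command directly when the script is already root.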
-----Original Message-----
From: Nasir Yilmaz (ATM/Network Grp. Bsk. Sistem Mühendisi)
[mailto:nyilmaz at iski.gov.tr]
Sent: Wednesday, April 24, 2002 12:39 AM
To: sudo-users at sudo.ws
Subject: sudo-users at sudo.ws
-----Original Message-----
From: sudo-users-request at sudo.ws [mailto:sudo-users-request at sudo.ws]
Sent: Tuesday, April 23, 2002 9:04 PM
To: sudo-users at sudo.ws
Subject: sudo-users digest, Vol 1 #323 - 6 msgs
Today's Topics:
1. vi and sudo (G Saoutine)
2. RE: stopping shell execution from with vi editor as root (Thomas Robinson)
3. RE: vi and sudo (Thomas Robinson)
4. RE: vi and sudo (Allan.Marillier at dana.com)
5. RE: vi and sudo (Brent Fortman)
6. sudo error (Boehler, Joe)
--__--__--
Message: 1
Date: Mon, 22 Apr 2002 19:20:53 -0700 (PDT)
From: G Saoutine <gsaoutine at yahoo.com>
Reply-To: Grisha at Saoutine.com
Subject: vi and sudo
To: sudo-users at sudo.ws
dear list,
i am new to sudo and recently installed it on sun
solaris 2.6. when i open vi while acting in the sudo
context, vi still seems lets me execute shell commands
as root.
did i miss something in configuration? or what am i
doing wrong?
thanks,
greg
--__--__--
Message: 2
Subject: RE: stopping shell execution from with vi editor as root
Date: Tue, 23 Apr 2002 09:44:17 +0100
From: "Thomas Robinson" <tom.robinson at ehbas.com>
To: <sudo-users at sudo.ws>
>
> I see two approaches to this.
>
> One is to have the files belong to a limited group, with write access
> granted to the group, and with the specific users belonging to the group.
> If you include some sort of source control, such as SCCS or RCS, or
> something more modern, this makes things pretty clean. Oh, the containing
> directory should have the group sticky bit set and belong to the group
> so the files continue to be owned by that group.
>
> An alternative is to grant the users the ability to copy on top of the
> files in question, perhaps through the use of an appropriate script to
> control access. They edit a private copy and then replace the public
> copy with the private copy.
>
> Rich
Sounds ok but we found another way. Linux has a /bin/rvi and /bin/rview
which restrict the use of the shell from within editing sessions.
Thanks
Tom
>
> At 12:49 PM 04/12/2002 +0100, Thomas Robinson wrote:
> >Hi,
> >
> >I'd like to give permissions to some users so that they can edit
> >specific files as root. Unfortunately in my simple set up they can also
> >execute the :! command and gain root shell access. Is there any way to
> >defeat this or should I implement a different method to enable users to
> >edit files as root?
> >
> >My config looks roughly like the following:
> >
> >Cmnd_Alias ICANEDIT = /bin/vi /etc/some.conf
> >
> >auser myhost = (root) ICANEDIT
> >
> >Regards
> >
> >Tom
> >
> >Thomas Robinson
> >Ehbas Ltd
> >T: 01273 234 665
> >F: 01273 704 499
> >
> >
> >This e-mail message is meant solely for the person or organisation to
> >whom it is addressed. The message may contain personal or confidential
> >information, or information that is not public in nature. Ehbas Ltd
> >accepts no responsibility for message content and possible attachments
> >that are unlawful or of questionable decency. Further dissemination,
> >publication or duplication of this message is strictly prohibited if the
> >person or organisation receiving this message is not the intended
> >recipient. In the event that you are not the intended recipient, we
> >request you to refrain from using the content and to immediately inform
> >the sender of the error by returning the message. Thank you for your
> >co-operation.
> >____________________________________________________________
> >sudo-users mailing list <sudo-users at sudo.ws>
> >For list information, options, or to unsubscribe, visit:
> >http://www.sudo.ws/mailman/listinfo/sudo-users
>
> --
>
> Richard C. Dempsey email: dempsey at kodak.com
> Kodak.com pager: 585-975-3539
> 3rd Floor, Bldg 16, KO phone: 585-781-5232
> Eastman Kodak Company
> Rochester, NY 14650-0706
--__--__--
Message: 3
Subject: RE: vi and sudo
Date: Tue, 23 Apr 2002 09:46:43 +0100
From: "Thomas Robinson" <tom.robinson at ehbas.com>
To: <sudo-users at sudo.ws>
> dear list,
>
> i am new to sudo and recently installed it on sun
> solaris 2.6. when i open vi while acting in the sudo
> context, vi still seems lets me execute shell commands
> as root.
I'm not sure about Solaris, but linux has /bin/rvi and /bin/rview which
restrict the use of such things as executing shells from within an
editing session.
Tom
--__--__--
Message: 4
Subject: RE: vi and sudo
To: tom.robinson at ehbas.com
Cc: sudo-users at sudo.ws, gsaoutine at yahoo.com
From: Allan.Marillier at dana.com
Date: Tue, 23 Apr 2002 08:42:14 -0400
vi on Linux is very often vim, which gives you the rvi
You can go to http://www.vim.org and download the latest source
for vim and compile it for any platform. I've built it with no trouble
on HP-UX and AIX, and also use precompiled vim executables on
my PC under Windows. (Adding some class and power to the OS!)
vim also gives you a GUI environment if you want it (gvim) and has a
rgvim version as well, to give a restricted GUI vi.
vim has a number of benefits over stock vi, including providing simple
file locking - ensuring that two people don't vi the same file at the
same time and trash each other's changes.
(No - I have nothing to do with the vim project - I just believe it's a
very good vi implementation.)
"Thomas Robinson" <tom.robinson at ehbas.com>
Sent by: sudo-users-admin at sudo.ws
04/23/02 04:46 AM
To: <sudo-users at sudo.ws>
cc:
Subject: RE: vi and sudo
> dear list,
>
> i am new to sudo and recently installed it on sun
> solaris 2.6. when i open vi while acting in the sudo
> context, vi still seems lets me execute shell commands
> as root.
I'm not sure about Solaris, but linux has /bin/rvi and /bin/rview which
restrict the use of such things as executing shells from within an
editing session.
Tom
--__--__--
Message: 5
From: Brent Fortman <Brent.Fortman at radioshack.com>
To: "'Grisha at Saoutine.com'" <Grisha at Saoutine.com>
Cc: sudo-users at sudo.ws
Subject: RE: vi and sudo
Date: Tue, 23 Apr 2002 08:03:12 -0500
> "while acting in the sudo context"
You may think sudo is doing more than it is designed to do. When you "sudo
vi" you are simply running vi as root. There is no "sudo context" once vi
begins to execute. Given that, it is a common practice amongst sudo
administrators to find other alternatives or exclude altogether the use of
vi with sudo.
Brent
-----Original Message-----
From: G Saoutine [mailto:gsaoutine at yahoo.com]
Sent: Monday, April 22, 2002 9:21 PM
To: sudo-users at sudo.ws
Subject: vi and sudo
dear list,
i am new to sudo and recently installed it on sun
solaris 2.6. when i open vi while acting in the sudo
context, vi still seems lets me execute shell commands
as root.
did i miss something in configuration? or what am i
doing wrong?
thanks,
greg
--__--__--
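One way to implement the "edit a private copy, then replace the public copy through a script" approach from Message 2, which is also one of the alternatives to running vi under sudo that Message 5 refers to. This is an added example, not code from the thread; the wrapper name install-some-conf, its install path, the sudoers line and the size limit are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical wrapper installed as
# /usr/local/sbin/install-some-conf (root-owned, not writable by users).
# Assumed sudoers entry replacing the vi rule:
#   auser myhost = (root) /usr/local/sbin/install-some-conf
# Usage by the user:  sudo /usr/local/sbin/install-some-conf < ~/some.conf.edit

MAX_BYTES=65536   # assumed upper bound for this config file

# install_conf DEST: replace DEST with the data on stdin.
# The user's shell opens the private copy before sudo starts, so root never
# opens a path the user controls, and no editor ever runs as root.
install_conf() {
    dest=$1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Read at most MAX_BYTES+1 so oversized input is detected, not stored.
    head -c $((MAX_BYTES + 1)) > "$tmp"
    size=$(($(wc -c < "$tmp")))
    if [ "$size" -eq 0 ] || [ "$size" -gt "$MAX_BYTES" ]; then
        echo "install_conf: input empty or larger than $MAX_BYTES bytes" >&2
        rm -f "$tmp"
        return 1
    fi
    # Keep the previous version so a bad edit can be rolled back.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak" || { rm -f "$tmp"; return 1; }
    fi
    # Rename within one filesystem is atomic: readers see old or new, never half.
    chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}

# When run as the installed wrapper, the destination is fixed here and
# never taken from the command line.
case ${0##*/} in
    install-some-conf) install_conf /etc/some.conf ;;
esac
```

The user edits the private copy with any editor under their own account; only the copy step runs as root.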
Message: 6
From: "Boehler, Joe" <Joe.Boehler at agedwards.com>
To: "'sudo-users at sudo.ws'" <sudo-users at sudo.ws>
Subject: sudo error
Date: Tue, 23 Apr 2002 08:26:04 -0500
I've encountered an error in sudo I've never seen before. A user executing a
sudo command, in this case, a Veritas Netbackup command
sudo /usr/openv/netbackup/bin/goodies/nb_class_list servername receives the
following:
$ sudo /usr/openv/netbackup/bin/goodies/nb_class_list myserver
*******************************
Client: myserver
*******************************
root is not in the sudoers file. This incident will be reported.
*******************************
$ id
uid=12353(boehlejt) gid=4(adm)
$
It doesn't matter who the user is, the response from sudo is the same.
I've looked at the permissions in sudo and they look correct. The command
starts to execute, but then complains that root is not in the sudoers.
Any suggestions?
Thanks
Joe Boehler 59068
Unix Admin
***********************************************************************************
WARNING: All e-mail sent to and from this address will be received or
otherwise recorded by the A.G. Edwards corporate e-mail system and is
subject to archival, monitoring or review by, and/or disclosure to,
someone other than the recipient.
************************************************************************************
--__--__--
End of sudo-users Digest
This mail has been scanned for viruses by the İSKİ Anti-virus system.