[sudo-users] su nopasswd

Stevens, William William.Stevens at JPSHealth.org
Mon Dec 20 18:20:34 EST 2004


Greetings,

We have a vendor-installed application that uses sudo.  The installation
uses the su script to replace the su binary (moved su to su.old and
su.orig).  Several of the application accounts are set up in sudoers to
use the nopasswd option.  Recently, this stopped working, and now any
access to these accounts prompts for a password.

This usually occurs with an su -c "put some commands here" or a /bin/sh
-c "some commands here" line in the various scripts used for the
application.  Entering root's password or the account's password has no
observable effect.

Has anyone ever seen this behaviour, and does anyone have a guess about
what caused it?

I've looked through the log files and see errors like this:

Dec 20 15:02:45 : seso : command not allowed ; TTY=pts/9 ; PWD=/home/sn_root/opt/seso/gui/rdiag/osh.bin ; USER=root ; COMMAND=/bin/sh -c /home/sn_root/opt/aremote/sn_aremotelog_trunc.csh

but looking in sudoers gives this:

root    ALL=(ALL) ALL

seso    ALL= NOPASSWD: /sbin/sh -c /home/sn_root/opt/aremote/sn_aremotelog_trunc.csh

I see the /bin and /sbin difference, but it used to work, so I can only
guess that some other setting was regulating this command.


It's as if sudo has stopped reading the sudoers file.  Any thoughts or
ideas would be much appreciated.


Just in case it's useful, here are the permissions on the various sudo
files:

---s--x--x   1 root     root       91972 May  4  2002 /usr/local/bin/sudo*
-r-xr-xr-x   1 root     root        2854 Jul  2  2003 /usr/bin/su*
-r--r-----   1 root     root        7521 Nov 20  2003 /usr/local/etc/sudoers


I know that's a little sketchy.  I can provide more details if needed.

Thanks in advance.

Regards,
--
William M. Stevens, CISSP
JPS Radiology
(817) 927-3586
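
Added example, not part of the original post: a small triage helper that lines up the denied command from the log entry above against the quoted sudoers rule and reports where the two differ. The function names are hypothetical, the rule is assumed to be a single line without aliases, and the comparison is purely textual; it is not sudo's own matching logic.

```python
import os
import re

# Constructed from the log entry and sudoers rule quoted in the post,
# with the line wraps joined back together.
LOG = ("Dec 20 15:02:45 : seso : command not allowed ; TTY=pts/9 ; "
       "PWD=/home/sn_root/opt/seso/gui/rdiag/osh.bin ; USER=root ; "
       "COMMAND=/bin/sh -c /home/sn_root/opt/aremote/sn_aremotelog_trunc.csh")
RULE = ("seso    ALL= NOPASSWD: /sbin/sh -c "
        "/home/sn_root/opt/aremote/sn_aremotelog_trunc.csh")

def parse_denial(entry):
    """Return (invoking user, target user, argv) from a denial entry."""
    m = re.search(r" : (\S+) : command not allowed ;.*?USER=(\S+) ; COMMAND=(.*)$",
                  entry)
    if not m:
        raise ValueError("not a 'command not allowed' entry")
    return m.group(1), m.group(2), m.group(3).split()

def parse_rule(line):
    """Return (user, [argv, ...]) for a one-line 'user host = [TAG:] cmd, ...' rule."""
    user, rest = line.split(None, 1)
    spec = rest.split("=", 1)[1]
    spec = re.sub(r"^\s*\([^)]*\)", "", spec)   # drop a (runas) list if present
    spec = re.sub(r"\b[A-Z_]+:\s*", "", spec)   # drop tags such as NOPASSWD:
    return user, [c.split() for c in spec.split(",") if c.strip()]

def explain(entry, rule):
    """List textual differences between the denied command and the rule."""
    who, _target, argv = parse_denial(entry)
    rule_user, commands = parse_rule(rule)
    if who != rule_user:
        return ["rule is for user %s, denial is for %s" % (rule_user, who)]
    findings = []
    for cmd in commands:
        same_name = os.path.basename(cmd[0]) == os.path.basename(argv[0])
        if cmd == argv:
            findings.append("exact textual match: " + " ".join(cmd))
        elif same_name and cmd[1:] == argv[1:]:
            findings.append("same program name and arguments, but rule path "
                            "%s != logged path %s" % (cmd[0], argv[0]))
        elif cmd[0] == argv[0]:
            findings.append("same path, different arguments: " + " ".join(cmd[1:]))
    return findings or ["no rule resembles the logged command"]

if __name__ == "__main__":
    for line in explain(LOG, RULE):
        print(line)
```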



