[sudo-users] Re: sudo-users Digest, Vol 24, Issue 5 (On Vacation)
Dana Jaeger
Jaeger at harthosp.org
Thu Dec 23 14:01:50 EST 2004
I will be on vacation beginning Thursday 12/23 and returning Tuesday
12/28. In the event of an emergancy, please contact the tech support
help line. If your question concerns For Tivoli please contact Anca
Suciu (5-5156).
>>> sudo-users 12/23/04 14:00 >>>
Send sudo-users mailing list submissions to
sudo-users at sudo.ws
To subscribe or unsubscribe via the World Wide Web, visit
http://www.sudo.ws/mailman/listinfo/sudo-users
or, via email, send a message with subject or body 'help' to
sudo-users-request at sudo.ws
You can reach the person managing the list at
sudo-users-owner at sudo.ws
When replying, please edit your Subject line so it is more specific
than "Re: Contents of sudo-users digest..."
Today's Topics:
1. Defaults authenticate "feature"? (Paul Stepowski)
2. Re: Defaults authenticate "feature"? (Todd C. Miller)
3. Re: Defaults authenticate "feature"? (Alek O. Komarnitsky (N-CSC))
----------------------------------------------------------------------
Message: 1
Date: Thu, 23 Dec 2004 10:49:41 +1000
From: Paul Stepowski <p.stepowski at qut.edu.au>
Subject: [sudo-users] Defaults authenticate "feature"?
To: sudo-users at sudo.ws
Message-ID: <41CA1625.1020706 at qut.edu.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Hi,
Just something I noticed using the default flag authenticate.
When sudoers has:
Defaults authenticate
set (which is the default behaviour), the following commands
produce the following output:
---snip---
$ sudo -K
$ sudo date
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password:
Thu Dec 23 10:44:02 EST 2004
---snip---
When sudoers has:
Defaults !authenticate
set, the following commands produce the following output:
---snip---
$ sudo -K
$ sudo date
Thu Dec 23 10:45:22 EST 2004
---snip---
So when you disable user passwords, you're also disabling the
output of the sudo banner. This surprised me, I would have
thought the two would be independent. So IMHO, it violates
the principle of least surprise. It's not a big deal but I'm
curious if this was done deliberately.
Is this a feature or a bug?
Thanks,
Paul
------------------------------
Message: 2
Date: Wed, 22 Dec 2004 20:03:17 -0700
From: "Todd C. Miller" <Todd.Miller at courtesan.com>
Subject: Re: [sudo-users] Defaults authenticate "feature"?
To: Paul Stepowski <p.stepowski at qut.edu.au>
Cc: sudo-users at sudo.ws
Message-ID: <200412230303.iBN33HoU011028 at xerxes.courtesan.com>
In message <41CA1625.1020706 at qut.edu.au>
so spake Paul Stepowski (p.stepowski):
> So when you disable user passwords, you're also disabling the
> output of the sudo banner. This surprised me, I would have
> thought the two would be independent. So IMHO, it violates
> the principle of least surprise. It's not a big deal but I'm
> curious if this was done deliberately.
This is intentional, the lecture is effectively part of the password
prompt so if there is no password prompt you don't get lectured.
- todd
------------------------------
Message: 3
Date: Wed, 22 Dec 2004 21:28:14 -0700 (MST)
From: "Alek O. Komarnitsky (N-CSC)" <alek at ast.lmco.com>
Subject: Re: [sudo-users] Defaults authenticate "feature"?
To: Todd.Miller at courtesan.com, p.stepowski at qut.edu.au
Cc: sudo-users at sudo.ws
Message-ID: <200412230428.VAA08322 at hulk.ast.lmco.com>
> From sudo-users-bounces at courtesan.com Wed Dec 22 20:03 MST 2004
>
> In message <41CA1625.1020706 at qut.edu.au>
> so spake Paul Stepowski (p.stepowski):
>
> > So when you disable user passwords, you're also disabling the
> > output of the sudo banner. This surprised me, I would have
> > thought the two would be independent. So IMHO, it violates
> > the principle of least surprise. It's not a big deal but I'm
> > curious if this was done deliberately.
>
> This is intentional, the lecture is effectively part of the password
> prompt so if there is no password prompt you don't get lectured.
>
> - todd
Just to echo Todd's comments, it seems to me that if an
admin disables user passwords, then they should have
"lectured" the user before doing so! ;-)
alek
------------------------------
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
End of sudo-users Digest, Vol 24, Issue 5
*****************************************
More information about the sudo-users
mailing list