runtime issues
DBSMITH at OhioHealth.com
DBSMITH at OhioHealth.com
Wed Feb 11 12:54:46 EST 2004
Eric,
this is still saying that sudoers should be 0440 as I run sudo reject
prt225 as user x
my version is 1.6.7 patch5
running on HPUX 11i and 11.0
thank you!
Derek B. Smith
OhioHealth IT
UNIX / TSM / EDM Teams
"Ladner, Eric (Eric.Ladner)" <Eric.Ladner at chevrontexaco.com>
02/11/2004 09:52 AM
To: DBSMITH at OhioHealth.com
cc:
Subject: RE: runtime issues
chown bin:bin /usr/local/etc/sudo
chmod 755 /usr/local/etc/sudo
chmod 644 /usr/local/etc/sudo/sudo.log
chmod 444 /usr/local/etc/sudo/sudoers
It might be complaining because the parent directory where the sudoers
file sits has a wide open (and strange for a directory) mode.
E
-----Original Message-----
From: DBSMITH at OhioHealth.com [mailto:DBSMITH at OhioHealth.com]
Sent: Wednesday, February 11, 2004 8:21 AM
To: Ladner, Eric (Eric.Ladner)
Subject: RE: runtime issues
Eric,
thanks for the quick response.... but unfortunately SUID is set. - - - s-
- x - - x
and there is definitely no other /usr/local mount point!!!
any other help??? : )
here is find results
-rw-r--r-- 1 root sys 7700 Apr 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/auth/sudo_auth.c
-rw-r--r-- 1 root sys 6118 Nov 22 2002
/usr/local/bin/ohiohealth/sudo-1.6.7p5/auth/sudo_auth.h
---s--x--x 1 root root 176128 Feb 9 15:32
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo
-rw-r--r-- 1 root sys 28839 Apr 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.c
-rw-r--r-- 1 root sys 17862 Mar 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.cat
-rw-r--r-- 1 root sys 7926 Apr 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.h
-rw-rw-rw- 1 root sys 21983 Feb 9 15:30
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.man
-rw-r--r-- 1 root sys 22065 Apr 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.man.in
-rw-rw-rw- 1 root sys 18500 Feb 9 15:32
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.o
-rw-r--r-- 1 root sys 15488 Apr 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.pod
-rw-r--r-- 1 root sys 52759 Mar 13 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.tab.c
-rw-r--r-- 1 root sys 570 Mar 13 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.tab.h
-rw-rw-rw- 1 root sys 36960 Feb 9 15:32
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo.tab.o
-rw-rw-rw- 1 root sys 4220 Feb 9 15:32
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudo_auth.o
-rw-r--r-- 1 root sys 580 Dec 16 2001
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudoers
-rw-r--r-- 1 root sys 49539 Mar 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudoers.cat
-rw-rw-rw- 1 root sys 48897 Feb 9 15:30
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudoers.man
-rw-r--r-- 1 root sys 49064 Apr 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudoers.man.in
-rw-r--r-- 1 root sys 37303 Apr 15 2003
/usr/local/bin/ohiohealth/sudo-1.6.7p5/sudoers.pod
-rw-rw-rw- 1 root sys 0 Feb 9 15:23
/usr/local/etc/sudo/sudo.log
-r--r----- 1 root root 1898 Feb 10 14:42
/usr/local/etc/sudo/sudoers
-r--r--r-- 1 root root 21983 Feb 9 15:32
/usr/local/man/man1m/sudo.1m
-r--r--r-- 1 root root 48897 Feb 9 15:32
/usr/local/man/man4/sudoers.4
/usr/local/bin/ohiohealth/sudo-1.6.7p5:
total 5440
drwxr-xr-x 4 root sys 8192 Feb 9 15:32 .
drwxrwxrwx 3 root sys 8192 Feb 9 15:29 ..
-rw-r--r-- 1 root sys 1029 May 4 2002 BUGS
-rw-r--r-- 1 root sys 61284 May 6 2003 CHANGES
-rw-r--r-- 1 root sys 1854 May 8 2003 HISTORY
-rw-r--r-- 1 root sys 28192 Mar 21 2003 INSTALL
-rw-r--r-- 1 root sys 7721 Aug 17 1996
INSTALL.configure
-rw-r--r-- 1 root sys 3669 Apr 15 2003 LICENSE
-rw-rw-rw- 1 root sys 14092 Feb 9 15:30 Makefile
-rw-r--r-- 1 root sys 14251 Apr 15 2003 Makefile.in
-rw-r--r-- 1 root sys 4791 Jan 21 2002 PORTING
-rw-r--r-- 1 root sys 3858 Sep 19 2002 README
-rw-r--r-- 1 root sys 9175 Mar 27 2003 RUNSON
-rw-r--r-- 1 root sys 4695 Mar 27 2003 TODO
-rw-r--r-- 1 root sys 8091 Jan 21 2002 TROUBLESHOOTING
-rw-r--r-- 1 root sys 2746 Aug 26 1999 UPGRADE
-rw-r--r-- 1 root sys 10230 Mar 21 2003 aclocal.m4
-rw-r--r-- 1 root sys 30 May 28 1994 aixcrypt.exp
-rw-r--r-- 1 root sys 6890 Apr 15 2003 alloc.c
-rw-rw-rw- 1 root sys 3800 Feb 9 15:32 alloc.o
-rw-r--r-- 1 root sys 13192 Jun 25 1996 alloca.c
drwxr-xr-x 2 root sys 8192 Feb 9 15:29 auth
-rw-r--r-- 1 root sys 15118 Apr 15 2003 check.c
-rw-rw-rw- 1 root sys 8900 Feb 9 15:32 check.o
-rw-r--r-- 1 root sys 6244 Apr 15 2003 compat.h
-rwxr-xr-x 1 root sys 41033 Jan 20 2003 config.guess
-rw-rw-rw- 1 root sys 15176 Feb 9 15:30 config.h
-rw-r--r-- 1 root sys 14269 Apr 4 2003 config.h.in
-rw-rw-rw- 1 root sys 99878 Feb 9 15:30 config.log
-rwxrwxrwx 1 root sys 36250 Feb 9 15:30 config.status
-rwxr-xr-x 1 root sys 29770 Jan 20 2003 config.sub
-rwxr-xr-x 1 root sys 432164 May 6 2003 configure
-rw-r--r-- 1 root sys 68405 May 6 2003 configure.in
-rw-r--r-- 1 root sys 4746 May 3 2002 def_data.c
-rw-r--r-- 1 root sys 2055 May 3 2002 def_data.h
-rw-r--r-- 1 root sys 3963 May 3 2002 def_data.in
-rw-r--r-- 1 root sys 19346 Apr 15 2003 defaults.c
-rw-r--r-- 1 root sys 3717 Apr 15 2003 defaults.h
-rw-rw-rw- 1 root sys 16704 Feb 9 15:32 defaults.o
drwxr-xr-x 2 root sys 96 Feb 9 15:29 emul
-rw-r--r-- 1 root sys 12287 May 6 2003 env.c
-rw-rw-rw- 1 root sys 7516 Feb 9 15:32 env.o
-rw-r--r-- 1 root sys 3849 Apr 15 2003 fileops.c
-rw-rw-rw- 1 root sys 1000 Feb 9 15:32 fileops.o
-rw-r--r-- 1 root sys 4903 Apr 15 2003 find_path.c
-rw-rw-rw- 1 root sys 2024 Feb 9 15:32 find_path.o
-rw-r--r-- 1 root sys 4331 Mar 23 2000 fnmatch.3
-rw-r--r-- 1 root sys 6671 Dec 14 2001 fnmatch.c
-rw-rw-rw- 1 root sys 2624 Feb 9 15:32 fnmatch.o
-rw-r--r-- 1 root sys 6795 Dec 14 2001 getcwd.c
-rw-r--r-- 1 root sys 6739 Apr 15 2003 getspwuid.c
-rw-rw-rw- 1 root sys 1724 Feb 9 15:32 getspwuid.o
-rw-r--r-- 1 root sys 2817 Apr 15 2003 goodpath.c
-rw-rw-rw- 1 root sys 880 Feb 9 15:32 goodpath.o
-rw-r--r-- 1 root sys 261 Nov 27 1993 indent.pro
-rw-r--r-- 1 root sys 2285 Jul 31 1999 ins_2001.h
-rw-r--r-- 1 root sys 2214 Jul 31 1999 ins_classic.h
-rw-r--r-- 1 root sys 2403 Jul 31 1999 ins_csops.h
-rw-r--r-- 1 root sys 2907 Jul 31 1999 ins_goons.h
-rwxr-xr-x 1 root sys 3784 Jan 10 2002 install-sh
-rw-r--r-- 1 root sys 2564 Dec 6 1999 insults.h
-rw-r--r-- 1 root sys 9541 Apr 15 2003 interfaces.c
-rw-r--r-- 1 root sys 2437 Apr 15 2003 interfaces.h
-rw-rw-rw- 1 root sys 3144 Feb 9 15:32 interfaces.o
-rw-r--r-- 1 root sys 77721 Mar 14 2003 lex.yy.c
-rw-rw-rw- 1 root sys 28960 Feb 9 15:32 lex.yy.o
-rw-r--r-- 1 root sys 16031 Apr 15 2003 logging.c
-rw-r--r-- 1 root sys 2505 Oct 31 1999 logging.h
-rw-rw-rw- 1 root sys 10864 Feb 9 15:32 logging.o
-rw-r--r-- 1 root sys 3586 Dec 14 2001 lsearch.c
-rwxr-xr-x 1 root sys 1731 Dec 10 2001 mkdefaults
-rwxr-xr-x 1 root sys 1661 Apr 3 2003 mkinstalldirs
-rw-r--r-- 1 root sys 13131 Apr 15 2003 parse.c
-rw-r--r-- 1 root sys 3350 Nov 2 2001 parse.h
-rw-r--r-- 1 root sys 10487 Apr 15 2003 parse.lex
-rw-rw-rw- 1 root sys 7052 Feb 9 15:32 parse.o
-rw-r--r-- 1 root sys 28578 Apr 15 2003 parse.yacc
-rw-rw-rw- 1 root sys 1216 Feb 9 15:32 passwd.o
-rw-rw-rw- 1 root sys 3645 Feb 9 15:30 pathnames.h
-rw-r--r-- 1 root sys 3499 Apr 15 2003 pathnames.h.in
-rw-r--r-- 1 root sys 445 Dec 18 1999 sample.pam
-rw-r--r-- 1 root sys 3966 Oct 10 1999 sample.sudoers
-rw-r--r-- 1 root sys 946 Sep 10 1999
sample.syslog.conf
-rw-r--r-- 1 root sys 11988 Apr 15 2003 set_perms.c
-rw-rw-rw- 1 root sys 3200 Feb 9 15:32 set_perms.o
-rw-r--r-- 1 root sys 3643 Apr 15 2003 sigaction.c
-rw-r--r-- 1 root sys 17743 Dec 14 2001 snprintf.c
-rw-rw-rw- 1 root sys 11624 Feb 9 15:32 snprintf.o
-rw-r--r-- 1 root sys 4730 Dec 14 2001 strcasecmp.c
-rw-r--r-- 1 root sys 2291 Apr 15 2003 strerror.c
-rw-r--r-- 1 root sys 2528 Mar 15 2003 strlcat.c
-rw-rw-rw- 1 root sys 1008 Feb 9 15:32 strlcat.o
-rw-r--r-- 1 root sys 2396 Mar 14 2003 strlcpy.c
-rw-rw-rw- 1 root sys 860 Feb 9 15:32 strlcpy.o
---s--x--x 1 root root 176128 Feb 9 15:32 sudo
-rw-r--r-- 1 root sys 28839 Apr 15 2003 sudo.c
-rw-r--r-- 1 root sys 17862 Mar 15 2003 sudo.cat
-rw-r--r-- 1 root sys 7926 Apr 15 2003 sudo.h
-rw-rw-rw- 1 root sys 21983 Feb 9 15:30 sudo.man
-rw-r--r-- 1 root sys 22065 Apr 15 2003 sudo.man.in
-rw-rw-rw- 1 root sys 18500 Feb 9 15:32 sudo.o
-rw-r--r-- 1 root sys 15488 Apr 15 2003 sudo.pod
-rw-r--r-- 1 root sys 52759 Mar 13 2003 sudo.tab.c
-rw-r--r-- 1 root sys 570 Mar 13 2003 sudo.tab.h
-rw-rw-rw- 1 root sys 36960 Feb 9 15:32 sudo.tab.o
-rw-rw-rw- 1 root sys 4220 Feb 9 15:32 sudo_auth.o
-rw-r--r-- 1 root sys 580 Dec 16 2001 sudoers
-rw-r--r-- 1 root sys 49539 Mar 15 2003 sudoers.cat
-rw-rw-rw- 1 root sys 48897 Feb 9 15:30 sudoers.man
-rw-r--r-- 1 root sys 49064 Apr 15 2003 sudoers.man.in
-rw-r--r-- 1 root sys 37303 Apr 15 2003 sudoers.pod
-rw-r--r-- 1 root sys 10352 Apr 15 2003 testsudoers.c
-rw-r--r-- 1 root sys 8142 Apr 15 2003 tgetpass.c
-rw-rw-rw- 1 root sys 3620 Feb 9 15:32 tgetpass.o
-rw-r--r-- 1 root sys 2600 Apr 15 2003 utime.c
-rw-r--r-- 1 root sys 2065 May 8 2003 version.h
-rwxrwxrwx 1 root sys 131072 Feb 9 15:32 visudo
-rw-r--r-- 1 root sys 18045 Apr 15 2003 visudo.c
-rw-r--r-- 1 root sys 6965 Mar 15 2003 visudo.cat
-rw-rw-rw- 1 root sys 11987 Feb 9 15:30 visudo.man
-rw-r--r-- 1 root sys 12007 Apr 15 2003 visudo.man.in
-rw-rw-rw- 1 root sys 13436 Feb 9 15:32 visudo.o
-rw-r--r-- 1 root sys 7029 Apr 15 2003 visudo.pod
/usr/local/etc/sudo:
total 16
drw-rw-rw- 2 root sys 96 Feb 9 15:23 .
drw-rw-rw- 3 bin bin 96 Feb 2 13:46 ..
-rw-rw-rw- 1 root sys 0 Feb 9 15:23 sudo.log
-r--r----- 1 root root 1898 Feb 10 14:42 sudoers
Derek B. Smith
OhioHealth IT
UNIX / TSM / EDM Teams
"Ladner, Eric (Eric.Ladner)" <Eric.Ladner at chevrontexaco.com>
02/11/2004 08:27 AM
To: DBSMITH at OhioHealth.com, sudo-users at sudo.ws
cc:
Subject: RE: runtime issues
No.. Users don't have access to this file (or at least probably
shouldn't).
Do this:
$ which sudo
$ ls -l /where/ever/which/found/sudo # check that it's SUID root
If it is, check to see if /usr/local is another file system that was
mounted nosuid.
Eric
-----Original Message-----
From: sudo-users-bounces at sudo.ws [mailto:sudo-users-bounces at sudo.ws] On
Behalf Of DBSMITH at OhioHealth.com
Sent: Wednesday, February 11, 2004 7:20 AM
To: sudo-users at sudo.ws
Subject: runtime issues
All,
I am testing with a user id to manage printers so here is what I have
done....
as user x > sudo reject prt225
/usr/local/etc/sudo/sudoers is mode 0444, should be 0440
as root > ls -la /usr/local/etc/sudo/sudoers
-r--r--r-- 1 root root 1898 Feb 10 14:42
/usr/local/etc/sudo/
So I change it to 440, and I get permission denied to sudoers???
as root > chmod 440 /usr/local/etc/sudo/sudoers
as user x > sudo reject prt225
sudo: can't open /usr/local/etc/sudo/sudoers: Permission denied
Doesn't the users need read access to this file?
thank you!
Derek B. Smith
OhioHealth IT
UNIX / TSM / EDM Teams
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list