Todd C. Miller
Todd.Miller at courtesan.com
Wed Feb 11 14:05:40 EST 2004
In message <OFA12BE62F.18E783F7-ON85256E37.006205F5-85256E37.006265E0 at ohiohealt
so spake (DBSMITH):
> this is still saying that sudoers should be 0440 as I run sudo reject
> prt225 as user x
> my version is 1.6.7 patch5
> running on HPUX 11i and 11.0

Is /usr/local/etc/sudo/sudoers on an NFS-mounted filesystem? I'm
guessing that it is. Because NFS remaps uid to a non-privileged
uid (often -2), sudo uses group permissions to read the sudoers
file (that is why sudoers should generally be mode 0440 and not
mode 0400). To read the sudoers file, sudo will change its uid to
be non-zero and its gid to zero before opening the file.

The owner and group on your sudoers file look correct so I'm unsure
just what the problem is. It is possible that your NFS server is
remapping gid 0 to a different value which would prevent sudo from
reading the file.

I just tested sudo on an HP-UX 11i machine with an NFS-mounted sudoers
file and it works OK for me. What were the configure arguments you
used when configuring sudo?
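
The read described in the message above, modelled as an added example (not part of the original post and not sudo's own code): it applies the classic owner/group/other check to the credentials the NFS server would see. The read uid of 1, the "nobody" id 65534, and all function names are assumptions made for illustration; supplementary groups are ignored.

```python
import stat

# Assumed values, not from the post: sudo reads as uid 1 / gid 0,
# and a remapping server substitutes 65534 ("nobody").
READ_UID, READ_GID, NOBODY = 1, 0, 65534

def unix_read_class(mode, f_uid, f_gid, uid, gid):
    """Return which permission class applies and whether it grants read."""
    if uid == f_uid:
        return "owner", bool(mode & stat.S_IRUSR)
    if gid == f_gid:
        return "group", bool(mode & stat.S_IRGRP)
    return "other", bool(mode & stat.S_IROTH)

def sudoers_read(mode, f_uid=0, f_gid=0, gid_map=None):
    """Model the sudoers read as seen by the NFS server.

    gid_map is the server-side remapping of group ids (None = no remap).
    """
    gid = (gid_map or {}).get(READ_GID, READ_GID)
    cls, ok = unix_read_class(mode, f_uid, f_gid, READ_UID, gid)
    return {"class": cls, "readable": ok}

def diagnose(mode, f_uid=0, f_gid=0, gid_map=None):
    """Turn the modelled result into a one-line finding."""
    result = sudoers_read(mode, f_uid, f_gid, gid_map)
    if result["readable"]:
        return "ok: read granted via %s bits" % result["class"]
    if result["class"] == "other":
        return "fail: gid no longer matches the file's group; check server gid mapping"
    return "fail: %s read bit missing; mode %04o" % (result["class"], stat.S_IMODE(mode))

if __name__ == "__main__":
    # Constructed scenarios: file owned by uid 0, gid 0 in every case.
    for label, mode, gmap in [
        ("0440, no remap", 0o440, None),
        ("0400, no remap", 0o400, None),
        ("0440, gid 0 remapped", 0o440, {0: NOBODY}),
    ]:
        print(label, "->", diagnose(mode, gid_map=gmap))
```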