runtime issues
Alek O. Komarnitsky (N-CSC)
alek at ast.lmco.com
Wed Feb 11 14:10:21 EST 2004
> From sudo-users-bounces at sudo.ws Wed Feb 11 12:06 MST 2004
>
> In message <OFA12BE62F.18E783F7-ON85256E37.006205F5-85256E37.006265E0 at ohiohealth.com>
> so spake (DBSMITH):
>
> > this is still saying that sudoers should be 0440 as I run sudo reject
> > prt225 as user x
> > my version is 1.6.7 patch5
> > running on HPUX 11i and 11.0
>
> Is /usr/local/etc/sudo/sudoers on an NFS-mounted filesystem? I'm
> guessing that it is. Because NFS remaps uid to a non-privileged
> uid (often -2), sudo uses group permissions to read the sudoers
> file (that is why sudoers should generally be mode 0440 and not
> mode 0400). To read the sudoers file, sudo will change its uid to
> be non-zero and its gid to zero before opening the file.
>
> The owner and group on your sudoers file look correct so I'm unsure
> just what the problem is. It is possible that your NFS server is
> remapping gid 0 to a different value which would prevent sudo from
> reading the file.
>
> I just tested sudo on an HP-UX 11i machine with an NFS-mounted sudoers
> file and it works OK for me. What were the configure arguments you
> used when configuring sudo?
>
> - todd
FYI FWIW: We use NFS (auto) mounted sudoers file on ~thousand UNIX
boxes including several hundred HP-UX 11i machines - works fine if
you have set things up as Todd describes above. I also talk about
this in my sudo presentation available at:
http://www.komar.org/pres/sudo/
alek
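
The permission logic discussed in this thread, as an added example that is not part of the original messages and not sudo's own code. It models the read check an NFS server applies after id remapping; the function names, the `NOBODY` value and the use of uid 1 for "a non-zero uid" are assumptions, and supplementary groups are ignored.

```python
import stat

NOBODY = 65534  # constructed stand-in for the unprivileged id (the thread cites -2)


def squash(uid, gid, squash_gid0=False):
    """Map client credentials to the ids the NFS server sees.

    uid 0 is always remapped, as described in the thread; gid 0 is remapped
    only when squash_gid0 is set, the failure case the thread raises.
    """
    if uid == 0:
        uid = NOBODY
    if gid == 0 and squash_gid0:
        gid = NOBODY
    return uid, gid


def server_allows_read(uid, gid, f_uid, f_gid, f_mode):
    """Classic owner/group/other read check; no root bypass on the server."""
    if uid == f_uid:
        return bool(f_mode & stat.S_IRUSR)
    if gid == f_gid:
        return bool(f_mode & stat.S_IRGRP)
    return bool(f_mode & stat.S_IROTH)


def client_can_read(uid, gid, f_uid, f_gid, f_mode, squash_gid0=False):
    """Can a client process with (uid, gid) read the file over NFS?"""
    s_uid, s_gid = squash(uid, gid, squash_gid0)
    return server_allows_read(s_uid, s_gid, f_uid, f_gid, f_mode)


def explain(f_mode, squash_gid0=False):
    """Summarise both access paths for a root:gid-0 sudoers file."""
    as_root = client_can_read(0, 0, 0, 0, f_mode, squash_gid0)
    as_sudo = client_can_read(1, 0, 0, 0, f_mode, squash_gid0)  # uid 1, gid 0
    return {"mode": oct(f_mode), "uid0_gid0": as_root, "uid1_gid0": as_sudo}


if __name__ == "__main__":
    for mode, gid_squash in [(0o400, False), (0o440, False), (0o440, True)]:
        print(explain(mode, gid_squash), "gid 0 remapped:", gid_squash)
```
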