[sudo-users] Problem with Host_Alias

[Aaron Spangler]

Your results seem to verify what is in the visudo(8) man page.
I was going to recommend trying 'visudo -c -s', but according to the man 
page:

 -s Enable strict checking of the sudoers file.  If an alias is used
     before it is defined, visudo will consider this a parse error.
     Note that it is not possible to differentiate between an alias and
     a hostname or username that consists solely of uppercase letters,
     digits, and the underscore ('_') character.

The hostname comparison is case insensative, so as far as I can tell, 
you have a perfectly legal sudoers file (at least on k200).

And if I understand correctly what you wrote then the problem is that 
the commands match because the host alias has the same name of your 
temporary hostname?  Does the problem go away if you rename the box back 
to its original name?  Does the problem go away if you rename your alias?

 -Aaron


Aaron Bush wrote:

>This is Sudo version 1.6.7p5 on HPUX 11.11.
>
>I have a sudoers file which has this in it as a host alias (this is the only
>host alias in the file):
>Host_Alias      K200 = n4000b
>
>However the hostname command on the system returns:
>k200
>
>The Host_Alias should match the system hostname, it was changed during
>testing and not placed back after testing completed.  So this is a typo in
>the sudoers file.
>
>The problem is that privilege specifications are using the alias K200 (which
>is not the current hostname) and the users are still able to list and run
>commands?  Why is this so?  Here is an example of the privs. using the K200
>Host_Alias:
>
>COMM    K200 = (tftp) CHMOD600IOLAN, CHMOD400IOLAN
>
>Is it possible that a syntax error in the sudoers file is causing the
>host_alias portion to be ignored?
>
>Thanks,
>-ab
>
>
>____________________________________________________________ 
>sudo-users mailing list <sudo-users at gratisoft.us>
>For list information, options, or to unsubscribe, visit:
>http://www.gratisoft.us/mailman/listinfo/sudo-users
>  
>