[sudo-users] Problem with Host_Alias

Aaron Spangler as at insight.rr.com
Thu Jul 8 09:42:20 EDT 2004


It's a limitation with the parsing of /etc/sudoers.  If you compile sudo
with the -ldap option and you enable storing of the sudoRoles into LDAP
you won't have this problem because Aliases are used.  It does require
setting up (or using an existing) LDAP server such as Novell NDS (aka
eDirectory), Microsoft Active Directory, Sun iPlanet Directory, IBM
Secureway or OpenLDAP.  It's always an option but it does require some up
front work.

 -as

> I have confirmed that sudo is checking the hostname against the variable
> name too.  If I change the variable name from K200 to K200A then the sudo
> access is denied as expected.  Is sudo supposed to be checking against the
> variable name and its contents too?  This seems to be dangerous as someone
> could accidentally allow access to commands by choosing a poor variable
> name.
>
> Thanks,
> -ab
>
> -----Original Message-----
> From: Aaron Spangler [mailto:as at insight.rr.com]
> Sent: Wednesday, July 07, 2004 10:12 PM
> To: Aaron Bush; sudo-users at sudo.ws
> Subject: Re: [sudo-users] Problem with Host_Alias
>
>
> And if I understand correctly what you wrote then the problem is that
> the commands match because the host alias has the same name as your
> temporary hostname?  Does the problem go away if you rename the box back
> to its original name?  Does the problem go away if you rename your alias?
>
>  -Aaron
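A lint check for the collision reported in this thread, as an added example that is not part of the original messages or sudo's own code: it lists Host_Alias names that equal the local hostname while that host is not a member of the alias. The sample sudoers text and the example.com hostname are constructed; the case-insensitive comparison and the simplified comment and colon handling are assumptions.

```python
import re

# Alias names in sudoers are uppercase letters, digits and underscores.
ALIAS_DEF = re.compile(r"([A-Z][A-Z0-9_]*)\s*=\s*([^:]*)")

def host_aliases(sudoers_text):
    """Return {alias_name: [members]} for every Host_Alias definition."""
    # Join backslash-continued lines before parsing.
    joined = re.sub(r"\\\n", " ", sudoers_text)
    aliases = {}
    for line in joined.splitlines():
        # Simplified: treat everything after '#' as a comment.
        line = line.split("#", 1)[0].strip()
        if not line.startswith("Host_Alias"):
            continue
        body = line[len("Host_Alias"):]
        # One line may define several aliases separated by ':'.
        # Simplified: IPv6 members (which contain ':') are not handled.
        for name, members in ALIAS_DEF.findall(body):
            aliases[name] = [m.strip() for m in members.split(",") if m.strip()]
    return aliases

def colliding_aliases(sudoers_text, hostname):
    """Alias names equal to the host's name where the host is not a member."""
    short = hostname.split(".", 1)[0]
    # Assumption: compare case-insensitively and against both name forms,
    # so the check errs on the side of reporting.
    candidates = {hostname.lower(), short.lower()}
    hits = []
    for name, members in host_aliases(sudoers_text).items():
        # Negated members ("!host") exclude a host, so they do not count.
        listed = {m.lower() for m in members if not m.startswith("!")}
        if name.lower() in candidates and not (candidates & listed):
            hits.append(name)
    return sorted(hits)

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# constructed sudoers fragment
Host_Alias K200 = web1, web2 : DB = db1, \\
                  db2
Host_Alias MAIL = mx1   # mail hosts
ops K200 = /sbin/reboot
"""

if __name__ == "__main__":
    for host in ("k200.example.com", "web1", "db"):
        print(host, colliding_aliases(SAMPLE, host))
```

Renaming a reported alias, as with K200 to K200A in the thread, clears the finding.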