Bug, maybe?

Galen Johnson Galen.Johnson at sas.com
Fri Jun 4 15:53:29 EDT 2004


Here is an interesting issue I just ran into.  Running on an HP-UX IPF 11.23 and 1.6.8b4.  I have set in my Defaults "runas_default=someuser" with all other items set up properly.  However, when I try to do, for example, 'sudo ls' I get back an error as follows (user is thisuser on host somehost):

Sorry, user thisuser is not allowed to execute '/bin/ls' as someuser on somehost.

I'm also seeing the following in the log:

Jun  4 15:33:55 lfiunx01 sudo:   thisuser : command not allowed ; TTY=pts/12 ; PWD=/home/thisuser ; USER=someuser ; COMMAND=/bin/ls
Jun  4 15:34:35 lfiunx01 sudo: Pam Creds are not available

Yet, if I run 'sudo -u someuser ls' it works just fine.  And the logs reflect this:

Jun  4 15:34:35 lfiunx01 sudo:   thisuser : TTY=pts/12 ; PWD=/home/thisuser ; USER=someuser ; COMMAND=/bin/ls


One thing to note regarding our setup...we are using the HP LDAPUX package to authenticate our users to the systems, but I am not currently using the ldap components of sudo, but this is the case regardless of whether ldap is compiled in or not.  I suspect it may have to do with HP's broken implementation of 'getpwent' (we tracked this down as the cause of another problem with a different app).  But, then again, if this were the case it wouldn't work no matter what.

I'm going to try hardcoding it into sudo by feeding configure the option.  Any insight would be appreciated.

=G=

Galen Johnson; SCSA, CCNA 
Systems Administrator
ASP Market Development 
SAS 
919-531-9223

QOTD:
Leaders have to lead-they have to act in the very clear self-interest of their companies and their customers. Sure it's a good idea to be aware of such entanglements and to give some thought to how they might play out, but don't let that awareness spread to fixation. Because if we allow ourselves to drift into paralysis over something like what might happen, we'll miss market opportunities, slow the pace of innovation and transformation, and give competitors a break that they surely haven't earned,
         -Randy Mott, Dell's CIO speaking about the SCO/Linux lawsuit
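
Added example, not part of the original post and not sudo's own code: a Python check over sudo syslog lines that flags any host/user/target-user/command tuple logged both as "command not allowed" and as a successful run, which is the pattern in the excerpts quoted above. The sample input is the three log lines from the message; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The three log lines quoted in the message above, used as sample input.
SAMPLE_LOG = """\
Jun  4 15:33:55 lfiunx01 sudo:   thisuser : command not allowed ; TTY=pts/12 ; PWD=/home/thisuser ; USER=someuser ; COMMAND=/bin/ls
Jun  4 15:34:35 lfiunx01 sudo: Pam Creds are not available
Jun  4 15:34:35 lfiunx01 sudo:   thisuser : TTY=pts/12 ; PWD=/home/thisuser ; USER=someuser ; COMMAND=/bin/ls
"""

# "<timestamp> <host> sudo: <invoking user> : <fields separated by ' ; '>"
RECORD = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssudo:\s+(?P<user>\S+) : (?P<rest>.*)$")

def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = RECORD.match(line)
    if not m:
        return None
    # COMMAND= is the last field and may contain " ; " itself, so split it off first.
    head, sep, command = m.group("rest").partition("COMMAND=")
    if not sep:
        return None
    fields, reason = {}, None
    for part in (p.strip() for p in head.split(" ; ")):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            fields[key] = value      # TTY=, PWD=, USER=
        elif part:
            reason = part            # free-text failure reason, if any
    return {"host": m.group("host"), "user": m.group("user"),
            "runas": fields.get("USER"), "command": command, "reason": reason}

def inconsistent_decisions(log_text):
    """Tuples (host, user, runas, command) seen both denied and allowed."""
    outcomes = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is None:
            continue
        key = (rec["host"], rec["user"], rec["runas"], rec["command"])
        if rec["reason"] is None:
            outcomes[key].add("allowed")
        elif rec["reason"] == "command not allowed":
            outcomes[key].add("denied")
        # other failure reasons (e.g. authentication failures) are ignored here
    return sorted(k for k, v in outcomes.items() if v == {"allowed", "denied"})

if __name__ == "__main__":
    for hit in inconsistent_decisions(SAMPLE_LOG):
        print("denied and allowed for the same tuple:", hit)
```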




