Sudoers parsing order revisted
Moss, Leonard J.
ljm at slac.stanford.edu
Fri May 21 18:46:06 EDT 2004
Back in March 2001, Steve Freed asked:
> If I have a large and complicated sudoers file and I have
> something like:
sfreed ALL = (root) /bin/ls
> and then later I have
sfreed otherhost = (ALL !root) /bin/ls
> Which takes precedence? First match? Last Match? Unpredictable?
> This is a pretty simple example compared to what I'm really
> dealing with, since by the time I get to user specifications,
> it's pretty much all aliases.
And Todd responded:
> Last match.
I'd like to make sure I understand this correctly. I think
you're saying that the last match rule would still apply even if
the userid in one or both of the entries was replaced by a user
alias that included that userid, correct?
TIA.
More information about the sudo-users
mailing list