[sudo-users] Strange behavior when execute bit is missing

Bob Proulx bob at proulx.com
Sun Apr 23 11:50:24 EDT 2006

Josef Wolf wrote:
> I have the following line in /etc/sudoers:
>   naclt ALL = NOPASSWD: /usr/local/bin/naclient

Seems reasonable to me.

> This (perl) script is meant to be executed from a different host's crontab
> via
>   ssh -i foobar naclt at host.do.main sudo /usr/local/bin/naclient parameters


What is the #! line in your script?

> By accident, I have installed /usr/local/bin/naclient with mode 600 instead
> of mode 700.  With this, sudo hangs waiting for the password, effectively
> ignoring my NOPASSWD: setting.  Since this was executed from cron, I had
> lots of hanging processes.

I am curious what command is logged to /var/log/auth.log, if any
messages are logged there.

Mode 0600 is only readable by the user of the file.  Is the user of
the file 'naclt'?  Because otherwise it would be unreadable.

> I would have expected something like "No permission" error if the target
> user (root in this case) don't have sufficient permissions to execute the
> program.
> BTW: this is sudo-1.6.8p7 on debian sarge.

I tried your example on my system and I could not recreate the exact
problem that you reported.

  ls -ldog /usr/local/bin/naclient
  -rw-r--r--  1 51 2006-04-23 09:44 /usr/local/bin/naclient

  cat /usr/local/bin/naclient
  print "Hello from perl script\n";

  sudo /usr/local/bin/naclient
  sudo: /usr/local/bin/naclient: command not

And the same when run by ssh.  This makes me believe there is
something interesting about your #! line which is pertinent in this
case.  Can you check it?  I think somehow sudo is being invoked on a
different command.


More information about the sudo-users mailing list