[sudo-users] Strange behavior when execute bit is missing
Bob Proulx
bob at proulx.com
Sun Apr 23 11:50:24 EDT 2006
Josef Wolf wrote:
> I have the following line in /etc/sudoers:
>
> naclt ALL = NOPASSWD: /usr/local/bin/naclient

Seems reasonable to me.

> This (perl) script is meant to be executed from a different host's crontab
> via
>
> ssh -i foobar naclt at host.do.main sudo /usr/local/bin/naclient parameters

Okay.

What is the #! line in your script?

> By accident, I have installed /usr/local/bin/naclient with mode 600 instead
> of mode 700. With this, sudo hangs waiting for the password, effectively
> ignoring my NOPASSWD: setting. Since this was executed from cron, I had
> lots of hanging processes.

I am curious what command is logged to /var/log/auth.log, if any
messages are logged there.

Mode 0600 is only readable by the user of the file. Is the user of
the file 'naclt'? Because otherwise it would be unreadable.

> I would have expected something like "No permission" error if the target
> user (root in this case) doesn't have sufficient permissions to execute the
> program.
>
> BTW: this is sudo-1.6.8p7 on debian sarge.

I tried your example on my system and I could not recreate the exact
problem that you reported.

  ls -ldog /usr/local/bin/naclient
  -rw-r--r-- 1 51 2006-04-23 09:44 /usr/local/bin/naclient
  cat /usr/local/bin/naclient
  #!/usr/bin/perl
  print "Hello from perl script\n";
  sudo /usr/local/bin/naclient
  sudo: /usr/local/bin/naclient: command not

And the same when run by ssh. This makes me believe there is
something interesting about your #! line which is pertinent in this
case. Can you check it? I think somehow sudo is being invoked on a
different command.

Bob
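
The checks done by hand in the message above (file mode, #! line), collected into a pre-flight script that could run before an unattended sudo call. This is an added example, not part of the original thread; the function name check_target and its return codes are hypothetical, and it assumes the target is an interpreter script, as the perl script in the thread is.

```shell
#!/bin/sh
# Added example: pre-flight check for a script that is run through a
# NOPASSWD sudoers entry. check_target and its return codes are
# hypothetical names chosen for this example.
check_target() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file"; return 2
    fi
    # Mode string from ls, e.g. "-rw-------". On Linux even root can only
    # execute a file that has at least one execute bit set (x, or the
    # lowercase s/t forms, which imply x).
    perms=$(ls -ld -- "$f"); perms=${perms%% *}
    case $perms in
        *[xst]*) ;;
        *) echo "$f: mode $perms has no execute bit"; return 3 ;;
    esac
    # The #! line decides which command is really executed.
    first=$(head -n 1 < "$f" 2>/dev/null)
    case $first in
        '#!'*) ;;
        *) echo "$f: no #! line"; return 4 ;;
    esac
    # Interpreter path: text after "#!", up to the first whitespace.
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
    if [ ! -x "$interp" ]; then
        echo "$f: interpreter '$interp' is not executable"; return 5
    fi
    echo "$f: ok ($perms, interpreter $interp)"
}

# Stand-alone use: pass the path that appears in the sudoers entry.
if [ $# -gt 0 ]; then check_target "$1"; fi
```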