[sudo-users] Sudo version 1.6.8p12 and NIS/YP groups (fwd)
Dmitry Morozovsky
marck at rinet.ru
Sun Feb 26 06:05:27 EST 2006
Dear colleagues,
Sudo version 1.6.8p12 under FreeBSD 6-stable (port)
NIS/YP
sudo does not detect NIS groups:
-- 8< --
root at hamster:~# grep DISK /usr/local/etc/sudoers
Cmnd_Alias DISK=/sbin/atacontrol list, /sbin/camcontrol devlist
%operator ALL= NOPASSWD: DISK
root at hamster:~# id marck
uid=268(marck) gid=268(marck) groups=268(marck), 0(wheel), 5(operator), 24(samba), 11(backup)
root at hamster:~# grep operator /etc/group
operator:*:5:
root at hamster:~# ypcat group | grep operator
operator:*:5:root,backup,marck
marck at hamster:~> sudo -l
User marck may run the following commands on this host:
(ALL) ALL
-- 8< --
If I add the line 'marck ALL=NOPASSWD:DISK' to sudoers, or add marck to the
local /etc/group, everything works as expected:
marck at hamster:~> sudo -l
User marck may run the following commands on this host:
(ALL) ALL
(root) NOPASSWD: /sbin/atacontrol list, /sbin/camcontrol devlist
AFAIC the source of this error is that on BSD the group list should be obtained
via getgroups(2) or getgrouplist(2), and sudo currently uses it only in the LDAP
case. However, I'm not ready to provide a patch yet.
Please keep me CC:ed as I'm not subscribed.
Sincerely,
D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------