[sudo-users] Sudo & netgroups

Michael Potter pottmi at gmail.com
Thu Nov 2 19:44:40 EST 2006


my guess is that it is prompting for the password because the rules are not
active because sudo thinks it is on a different host.

running sudo -l as webmaster to see what commands webmaster is allowed to
run.

to fix it, try this:
webmaster       ALL = NOPASSWD: /my/script.sh

then put echo $HOST
and uname -a
and any other way you can think of to print the name of the host in
myscript.sh

Then try each of those in place of the host.*.ca names.

I dont know how sudo figures out what host he is running on.  I took a quick
look at the source and it did not jump out at me (I am not familar with look
at yacc generated code).

please report back what you found to be the problem as I suspect this is a
common problem.

-- 
Michael


On 11/2/06, Gabriel O'Brien <obrieng at nm.cbc.ca> wrote:
>
> Hey folks!
>
> I have a quick question, I'm working on a standardized environment for
> authentication and permissions escalation and I've run in to a little
> snag with the way sudo seems to resolve hostnames.
>
> This system is known by the following DNS names:
>
> host.sub.domain.cbc.ca
> host.domain.cbc.ca
>
> Both of these entries prompt the user for their password:
>
> webmaster       host.sub.domain.cbc.ca = NOPASSWD: /my/script.sh
> webmaster       host.domain.cbc.ca = NOPASSWD: /my/script.sh
>
> This one doesn't:
>
> webmaster       host = NOPASSWD: /my/script.sh
>
> Any ideas where I should look or what I'm doing wrong?
>
> cheers,
> Gabriel
>
> --
> Gabriel O'Brien
> IT Analyst, MPS-EN-CBC.ca
> w: 416-205-8740 m: 416-576-0088
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>



More information about the sudo-users mailing list