[sudo-users] Sudo & netgroups

Gabriel O'Brien obrieng at nm.cbc.ca
Fri Nov 3 09:47:43 EST 2006


I've partially resolved the issue; the first mistake I was making was
not using the "fqdn" flag in my sudoers file.  However, I am still faced
with the second part of the problem, which is that sudo does not seem to
expand the netgroups properly.  I could create a Host_Alias to replicate
the functionality I want from NIS, but it seems redundant and a
management headache to me when I should simply be able to point at the
netgroup.

Thanks for your help.

cheers,
Gabriel

-- 
Gabriel O'Brien
IT Analyst, MPS-EN-CBC.ca
w: 416-205-8740 m: 416-576-0088


Michael Potter wrote:
> my guess is that it is prompting for the password because the rules are
> not active because sudo thinks it is on a different host.
> 
> try running sudo -l as webmaster to see what commands webmaster is
> allowed to run.
> 
> to fix it, try this:
> webmaster       ALL = NOPASSWD: /my/script.sh
> 
> then put echo $HOST
> and uname -a
> and any other way you can think of to print the name of the host in
> myscript.sh
> 
> Then try each of those in place of the host.*.ca names.
> 
> I don't know how sudo figures out what host he is running on.  I took a
> quick look at the source and it did not jump out at me (I am not familiar
> with looking at yacc generated code).
> 
> please report back what you found to be the problem as I suspect this is
> a common problem.
> 
> -- 
> Michael
> 
> 
> On 11/2/06, Gabriel O'Brien <obrieng at nm.cbc.ca> wrote:
> 
>     Hey folks!
> 
>     I have a quick question, I'm working on a standardized environment for
>     authentication and permissions escalation and I've run into a little
>     snag with the way sudo seems to resolve hostnames.
> 
>     This system is known by the following DNS names:
> 
>     host.sub.domain.cbc.ca
>     host.domain.cbc.ca
> 
>     Both of these entries prompt the user for their password:
> 
>     webmaster       host.sub.domain.cbc.ca = NOPASSWD: /my/script.sh
>     webmaster       host.domain.cbc.ca = NOPASSWD: /my/script.sh
> 
>     This one doesn't:
> 
>     webmaster       host = NOPASSWD: /my/script.sh
> 
>     Any ideas where I should look or what I'm doing wrong?
> 
>     cheers,
>     Gabriel
> 
>     --
>     Gabriel O'Brien
>     IT Analyst, MPS-EN-CBC.ca
>     w: 416-205-8740 m: 416-576-0088
> 
> 
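
A quick way to see which form of the machine's name a netgroup actually carries, written as an added example rather than anything posted in this thread. The netgroup name `webhosts` and its contents are constructed, the host names are the ones quoted above, and the functions only compare the host field of each (host,user,domain) triple; they do not reproduce sudo's own matching.

```shell
#!/bin/sh
# Added example: report which of a host's names appear in the host field of
# a netgroup's (host,user,domain) triples. Function names are hypothetical.

# netgr_has_host ENTRY NAME
#   ENTRY is one netgroup written as "name (host,user,domain) (...)".
#   Returns 0 if a triple's host field equals NAME or is empty (wildcard).
netgr_has_host() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN { found = 0 }
        {
            line = $0
            while (match(line, /\([^)]*\)/)) {
                triple = substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
                split(triple, field, ",")
                host = field[1]
                gsub(/[ \t]/, "", host)
                # Appending "" forces a string comparison, never a numeric one.
                if (host == "" || (host "") == (want "")) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# matching_names ENTRY NAME...
#   Prints each NAME that appears as a host in the netgroup, one per line.
matching_names() {
    entry=$1
    shift
    for name in "$@"; do
        if netgr_has_host "$entry" "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample: the map lists only one fully qualified name per host.
SAMPLE='webhosts (host.sub.domain.cbc.ca,,) (other.sub.domain.cbc.ca,,)'

# On a live system whose getent supports the netgroup database (assumption):
#   matching_names "$(getent netgroup webhosts)" "$(hostname)" host.domain.cbc.ca
matching_names "$SAMPLE" host host.domain.cbc.ca host.sub.domain.cbc.ca
```

If only the fully qualified name is printed, the short name that `hostname` returns will not be found in the map as written.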


