[sudo-users] Sudo & netgroups
Gabriel O'Brien
obrieng at nm.cbc.ca
Fri Nov 3 09:47:43 EST 2006
I've partially resolved the issue; the first mistake I was making was
not using the "fqdn" flag in my sudoers file. However, I am still faced
with the second part of the problem, which is that sudo does not seem to
expand the netgroups properly. I could create a Host_Alias to replicate
the functionality I want from NIS, but it seems redundant and a
management headache to me when I should simply be able to point at the
netgroup.
Thanks for your help.
cheers,
Gabriel
--
Gabriel O'Brien
IT Analyst, MPS-EN-CBC.ca
w: 416-205-8740 m: 416-576-0088
Michael Potter wrote:
> my guess is that it is prompting for the password because the rules are
> not active because sudo thinks it is on a different host.
>
> try running sudo -l as webmaster to see what commands webmaster is allowed
> to run.
>
> to fix it, try this:
> webmaster ALL = NOPASSWD: /my/script.sh
>
> then put echo $HOST
> and uname -a
> and any other way you can think of to print the name of the host in
> myscript.sh
>
> Then try each of those in place of the host.*.ca names.
>
> I don't know how sudo figures out what host it is running on. I took a
> quick look at the source and it did not jump out at me (I am not familiar
> with looking at yacc-generated code).
>
> please report back what you found to be the problem as I suspect this is
> a common problem.
>
> --
> Michael
>
>
> On 11/2/06, Gabriel O'Brien <obrieng at nm.cbc.ca> wrote:
>
> Hey folks!
>
> I have a quick question: I'm working on a standardized environment for
> authentication and permissions escalation and I've run into a little
> snag with the way sudo seems to resolve hostnames.
>
> This system is known by the following DNS names:
>
> host.sub.domain.cbc.ca
> host.domain.cbc.ca
>
> Both of these entries prompt the user for their password:
>
> webmaster host.sub.domain.cbc.ca = NOPASSWD: /my/script.sh
> webmaster host.domain.cbc.ca = NOPASSWD: /my/script.sh
>
> This one doesn't:
>
> webmaster host = NOPASSWD: /my/script.sh
>
> Any ideas where I should look or what I'm doing wrong?
>
> cheers,
> Gabriel
>
> --
> Gabriel O'Brien
> IT Analyst, MPS-EN-CBC.ca
> w: 416-205-8740 m: 416-576-0088