[sudo-users] Sudo & netgroups

Gabriel O'Brien obrieng at nm.cbc.ca
Fri Nov 3 09:47:43 EST 2006

I've partially resolved the issue; the first mistake I was making was
not using the "fqdn" flag in my sudoers file.  However, I am still faced
with the second part of the problem, which is that sudo does not seem to
expand the netgroups properly.  I could create a Host_Alias to replicate
the functionality I want from NIS, but it seems redundant and a
management headache to me when I should simply be able to point at the

Thanks for your help.


Gabriel O'Brien
IT Analyst, MPS-EN-CBC.ca
w: 416-205-8740 m: 416-576-0088

Michael Potter wrote:
> my guess is that it is prompting for the password because the rules are
> not active because sudo thinks it is on a different host.
> running sudo -l as webmaster to see what commands webmaster is allowed
> to run.
> to fix it, try this:
> webmaster       ALL = NOPASSWD: /my/script.sh
> then put echo $HOST
> and uname -a
> and any other way you can think of to print the name of the host in
> myscript.sh
> Then try each of those in place of the host.*.ca names.
> I don't know how sudo figures out what host he is running on.  I took a
> quick look at the source and it did not jump out at me (I am not familiar
> with looking at yacc generated code).
> please report back what you found to be the problem as I suspect this is
> a common problem.
> -- 
> Michael
> On 11/2/06, Gabriel O'Brien <obrieng at nm.cbc.ca> wrote:
>     Hey folks!
>     I have a quick question, I'm working on a standardized environment for
>     authentication and permissions escalation and I've run in to a little
>     snag with the way sudo seems to resolve hostnames.
>     This system is known by the following DNS names:
>     host.sub.domain.cbc.ca
>     host.domain.cbc.ca
>     Both of these entries prompt the user for their password:
>     webmaster       host.sub.domain.cbc.ca = NOPASSWD: /my/script.sh
>     webmaster       host.domain.cbc.ca = NOPASSWD: /my/script.sh
>     This one doesn't:
>     webmaster       host = NOPASSWD: /my/script.sh
>     Any ideas where I should look or what I'm doing wrong?
>     cheers,
>     Gabriel
>     --
>     Gabriel O'Brien
>     IT Analyst, MPS-EN-CBC.ca
>     w: 416-205-8740 m: 416-576-0088
>     ____________________________________________________________
>     sudo-users mailing list <sudo-users at sudo.ws>
>     For list information, options, or to unsubscribe, visit:
>     http://www.sudo.ws/mailman/listinfo/sudo-users
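
A simplified model of how sudoers host names are compared against the local host with and without the "fqdn" flag, added here as an illustration; it is not code from the thread or from sudo itself. The gethostname() value "host" and the choice of host.sub.domain.cbc.ca as the resolver's canonical name are assumptions, and netgroup (+name) lookups are not modelled.

```python
from fnmatch import fnmatchcase


def sudo_host_names(gethostname_value, fqdn, canonical_name=None):
    """Return (shost, lhost): the short and long names host specs are tested against.

    Without fqdn the long name is just what gethostname() returned; with fqdn
    it is the resolver's canonical name (passed in here so this runs offline).
    """
    lhost = canonical_name if (fqdn and canonical_name) else gethostname_value
    shost = lhost.split(".", 1)[0]
    return shost, lhost


def host_spec_matches(spec, shost, lhost):
    """Model of a sudoers host comparison (netgroups and IP addresses not modelled)."""
    if spec == "ALL":
        return True
    # A spec containing a dot is compared with the long name, otherwise the short one.
    target = lhost if "." in spec else shost
    # Host names compare case-insensitively; shell-style wildcards are allowed.
    return fnmatchcase(target.lower(), spec.lower())


def evaluate(specs, gethostname_value, fqdn, canonical_name=None):
    """Map each host spec to True/False for the given local host identity."""
    shost, lhost = sudo_host_names(gethostname_value, fqdn, canonical_name)
    return {spec: host_spec_matches(spec, shost, lhost) for spec in specs}


# Host specs from the three sudoers entries quoted in the thread.
SPECS = ["host.sub.domain.cbc.ca", "host.domain.cbc.ca", "host"]

if __name__ == "__main__":
    # Assumed: gethostname() returns "host"; the canonical name is the first DNS name.
    for fqdn in (False, True):
        result = evaluate(SPECS, "host", fqdn, "host.sub.domain.cbc.ca")
        for spec, ok in result.items():
            print(f"fqdn={fqdn!s:5} {spec:24} {'match' if ok else 'no match'}")
```

In this model, turning fqdn on makes only the canonical name match, so the entry written against the second DNS name still fails.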
