[sudo-users] Sudo & netgroups
obrieng at nm.cbc.ca
Fri Nov 3 09:47:43 EST 2006
I've partially resolved the issue; the first mistake I was making was
not using the "fqdn" flag in my sudoers file. However, I am still faced
with the second part of the problem which is that sudo does not seem to
expand the netgroups properly. I could create a Host_Alias to replicate
the functionality I want from NIS, but it seems redundant and a
management headache to me when I should simply be able to point at the
Thanks for your help.
IT Analyst, MPS-EN-CBC.ca
w: 416-205-8740 m: 416-576-0088
Michael Potter wrote:
> my guess is that it is prompting for the password because the rules are
> not active because sudo thinks it is on a different host.
> running sudo -l as webmaster to see what commands webmaster is allowed
> to run.
> to fix it, try this:
> webmaster ALL = NOPASSWD: /my/script.sh
> then put echo $HOST
> and uname -a
> and any other way you can think of to print the name of the host in
> Then try each of those in place of the host.*.ca names.
> I don't know how sudo figures out what host he is running on. I took a
> quick look at the source and it did not jump out at me (I am not familiar
> with looking at yacc generated code).
> please report back what you found to be the problem as I suspect this is
> a common problem.
> On 11/2/06, Gabriel O'Brien <obrieng at nm.cbc.ca> wrote:
> Hey folks!
> I have a quick question, I'm working on a standardized environment for
> authentication and permissions escalation and I've run into a little
> snag with the way sudo seems to resolve hostnames.
> This system is known by the following DNS names:
> host.sub.domain.cbc.ca
> host.domain.cbc.ca
> Both of these entries prompt the user for their password:
> webmaster host.sub.domain.cbc.ca = NOPASSWD: /my/script.sh
> webmaster host.domain.cbc.ca = NOPASSWD: /my/script.sh
> This one doesn't:
> webmaster host = NOPASSWD: /my/script.sh
> Any ideas where I should look or what I'm doing wrong?
> Gabriel O'Brien
> IT Analyst, MPS-EN-CBC.ca
> w: 416-205-8740 m: 416-576-0088
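The host-name check discussed in this thread, as an added example that is not part of the original messages and is not sudo's own code. It is a simplified model of sudoers host matching with and without the "fqdn" flag; the function names are hypothetical, and treating host.sub.domain.cbc.ca as the canonical DNS name is an assumption.

```python
import fnmatch
import socket

# Host specs from the three sudoers rules quoted in the thread.
PATTERNS = ["host.sub.domain.cbc.ca", "host.domain.cbc.ca", "host"]

def sudo_host_names(gethostname_value, canonical_name, fqdn):
    """Model of the (long, short) names that sudoers rules are compared against."""
    # Without fqdn the long name is whatever gethostname() returned;
    # with fqdn it is the canonical name reported by the resolver.
    long_name = canonical_name if fqdn else gethostname_value
    return long_name, long_name.split(".", 1)[0]

def host_spec_matches(pattern, long_name, short_name):
    """Dotted patterns are checked against the long name, others against the short one."""
    target = long_name if "." in pattern else short_name
    return fnmatch.fnmatchcase(target.lower(), pattern.lower())

def matching_specs(patterns, gethostname_value, canonical_name, fqdn):
    """Return the host specs from `patterns` that would apply on this host."""
    long_name, short_name = sudo_host_names(gethostname_value, canonical_name, fqdn)
    return [p for p in patterns if host_spec_matches(p, long_name, short_name)]

def local_names():
    """What this machine reports: gethostname() and the resolver's canonical name."""
    name = socket.gethostname()
    try:
        canonical = socket.getaddrinfo(name, None, flags=socket.AI_CANONNAME)[0][3]
    except socket.gaierror:
        canonical = ""
    return name, canonical or name

if __name__ == "__main__":
    # Constructed case: gethostname() returns the short name, and DNS is
    # assumed to report host.sub.domain.cbc.ca as the canonical name.
    for fqdn in (False, True):
        print("constructed, fqdn=%s:" % fqdn,
              matching_specs(PATTERNS, "host", "host.sub.domain.cbc.ca", fqdn))
    # The same check with the names this machine actually reports.
    name, canonical = local_names()
    for fqdn in (False, True):
        print("local (%s / %s), fqdn=%s:" % (name, canonical, fqdn),
              matching_specs(PATTERNS, name, canonical, fqdn))
```

In this model, enabling fqdn makes only the canonical name match, so a rule written against a second DNS name for the same machine still does not apply.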