[sudo-users] NOPASSWD option prompts for pw if user attempts cmd not in auth list.

Carville, Stephen scarville at LANDAM.com
Fri Feb 8 19:31:35 EST 2008


> # sudo version in this example:
> $ sudo -V
> Sudo version 1.6.7p5
> 
> Again, it would be great if sudo respected the "NOPASSWD" option, and just
> errored with the msg "... not allowed...".
> Any solution in the works, or recommendations?

Hmmm. Not sure if that's a good idea generally.

What if I want to mix NOPASSWD and PASSWD for the same user on a
machine?

HELPDESK	ALL = /usr/sbin/useradd, /usr/bin/chage, /usr/sbin/usermod, /usr/bin/userdel, NOPASSWD:/usr/bin/cat

Maybe you need to add a check to your script:

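# Start the error log with a timestamp
date >"$ERRORFILE"

# sudo -l lists the user's sudo rules on the server; look for the NOPASSWD entry
ssh "$SERVER" 2>/dev/null sudo -l | grep 'NOPASSWD: /usr/bin/cat' >/dev/null
if [ $? -ne 0 ]; then
  echo "$SERVER is improperly configured" >>"$ERRORFILE"
else
  ssh "$SERVER" 2>/dev/null sudo cat file.txt
fi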

Or you could use something like sudo bash -r as the default shell for
the user and restrict the PATH to a directory with only the commands
you want in it.

--
Stephen Carville <stephen at totalflood.com>
Systems Engineer
Land America
1.626.667.1450 X1326
#####################################################################
That which does not kill us often hurts us a lot.
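
The pre-flight check suggested above, as an added example that is not part of the original message: the sudoers manual states that a tag such as NOPASSWD carries over to the following commands in a list until the opposite tag overrides it, so a literal grep for 'NOPASSWD: /usr/bin/cat' misses a cat entry that inherits the tag. The function name, the sample listing and the assumed `sudo -l` layout (one "(runas) cmd, cmd" entry per line, no escaped commas) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# nopasswd_allowed CMD: read `sudo -l` output on stdin and succeed only if CMD
# is listed under an effective NOPASSWD tag.
# Assumptions: one "(runas) cmd, cmd, ..." entry per line, no escaped commas.
nopasswd_allowed() {
  awk -v want="$1" '
    /^[ \t]*\(/ {                                # entry lines start with "(runas)"
      sub(/^[ \t]*\([^)]*\)[ \t]*/, "")          # drop the "(root) " prefix
      tag = "PASSWD"                             # sudoers default: password required
      n = split($0, items, /,[ \t]*/)
      for (i = 1; i <= n; i++) {
        item = items[i]
        # Peel off leading TAG: prefixes; the last PASSWD/NOPASSWD seen sticks
        # to the following commands until the opposite tag overrides it.
        while (match(item, /^[A-Z_]+:[ \t]*/)) {
          t = substr(item, 1, RLENGTH)
          item = substr(item, RLENGTH + 1)
          sub(/:.*/, "", t)
          if (t == "NOPASSWD" || t == "PASSWD") tag = t
        }
        split(item, words, /[ \t]+/)             # words[1] is the command path
        if (words[1] == want && tag == "NOPASSWD") found = 1
      }
    }
    END { exit (found ? 0 : 1) }
  '
}

# Constructed sample of `sudo -l` output, not captured from a real host.
SAMPLE='User helpdesk may run the following commands on this host:
    (root) /usr/sbin/useradd, /usr/bin/chage, NOPASSWD: /usr/bin/less, /usr/bin/cat
    (root) NOPASSWD: /usr/bin/tail, PASSWD: /usr/sbin/usermod'

for cmd in /usr/bin/cat /usr/sbin/useradd /usr/sbin/usermod; do
  if printf '%s\n' "$SAMPLE" | nopasswd_allowed "$cmd"; then
    echo "$cmd: NOPASSWD"
  else
    echo "$cmd: password required or not listed"
  fi
done
```

In a wrapper script the function would read the live listing instead of the sample, for example `ssh "$SERVER" sudo -l 2>/dev/null | nopasswd_allowed /usr/bin/cat`.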