[sudo-users] Bizarre sudo behavior
Wood, Mike
Mike.Wood at kci1.com
Wed Jun 11 17:08:59 EDT 2008
Hi All,
I'm new to the list, but not new to sudo. I've got a bizarre sudo
problem that I just can't solve, and I need your help.
I've looked 6 months back through the archives, and didn't see anything
useful.
-
Scenario:
Sudo version 1.6.9p13 on AIX 5.3 TL5 SP5.
Under certain circumstances, sudo commands don't seem to work. I think
it's an environment variable somewhere, but I'm not 100% sure.
To reproduce the problem: login directly as acostad.
$ sudo -l
User acostad may run the following commands on this host:
(root) NOPASSWD: sudoedit dsm.sys, sudoedit dsm.opt, sudoedit
inclexcl, DSMJ, DSMC, DSMCAD, /usr/local/adm
in-tools/make_tsm_nodedir
(root) NOPASSWD: /usr/bin/cancel, sudoedit /etc/hosts,
/usr/local/admin-tools/ck_print_queue.ksh, sudoedit
ck_print_queue.dat
(root) NOPASSWD: /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
(root) NOPASSWD: /usr/local/admin-tools/resetuser,
!/usr/local/admin-tools/resetuser root
(root) NOPASSWD: sudoedit /etc/usrtab, sudoedit /etc/usrlogon
(operator) NOPASSWD: /usr/bin/smitty mkuser, /usr/bin/smit mkuser
(operator) NOPASSWD: /usr/bin/chuser account_locked
(root) /usr/bin/su - root
$ sudo chuser account_locked=false woodm
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts
But...su - root, then su - acostad:
$ sudo -l
User acostad may run the following commands on this host:
(root) NOPASSWD: sudoedit dsm.sys, sudoedit dsm.opt, sudoedit
inclexcl, DSMJ, DSMC, DSMC
AD, /usr/local/admin-tools/make_tsm_nodedir
(root) NOPASSWD: /usr/bin/cancel, sudoedit /etc/hosts,
/usr/local/admin-tools/ck_print_q
ueue.ksh, sudoedit ck_print_queue.dat
(root) NOPASSWD: /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
(root) NOPASSWD: /usr/local/admin-tools/resetuser,
!/usr/local/admin-tools/resetuser roo
t
(root) NOPASSWD: sudoedit /etc/usrtab, sudoedit /etc/usrlogon
(operator) NOPASSWD: /usr/bin/smitty mkuser, /usr/bin/smit mkuser
(operator) NOPASSWD: /usr/bin/chuser account_locked
(root) /usr/bin/su - root
$ sudo chuser account_locked=false woodm
$
What gives? Any idea where to look?
Thanks!!!
Mike Wood
UNIX System Administrator
Kinetic Concepts, Inc.
6103 Farinon Drive
San Antonio, TX, 78249
E-mail: mike.wood at kci1.com
Office: (210) 255-6382
Mobile: (210) 825-5134
*****************************************************************************
"CONFIDENTIALITY NOTICE: This transmission (including any
accompanying attachments) is confidential, is intended only for the
individual or entity named above, and is likely to contain privileged,
proprietary and confidential information that is exempt from disclosure
requests under applicable law. If you are not the intended recipient,
you are hereby notified that any disclosure, copying, distribution, use
of or reliance upon any of the information contained in this transmission
is strictly prohibited. Any inadvertent or unauthorized disclosure shall
not compromise or waive the confidentiality of this transmission or any
applicable attorney-client privilege.
If you have received this transmission in error, please immediately
notify us at postmaster at kci1.com."
Kinetic Concepts, Inc.
******************************************************************************
More information about the sudo-users
mailing list