[sudo-users] sudo 1.7.2p1 host parsing problem
Matt Marchione
mmarchio at coat.com
Wed Dec 16 13:23:40 EST 2009
Hi,
I'm encountering a problem with sudo 1.7.2p1 on Solaris. It took
me a little while to figure out what triggers it. The hostname
parsing does not seem to work right if the target host is not
included in the host list at the front of the user privileges.
1) ~~~~~~~~~~ Given this portion of sudoers as a starting point....
# Defaults specification
Defaults log_year
Defaults root_sudo
Defaults syslog=local2
# User privilege specification
test1 nsa=NOPASSWD:/bin/ls
~~~~~~~~~~~~~
nsa:/sudo/TEST> ./sudo -u test1 ./sudo -l
Matching Defaults entries for test1 on this host:
log_year, root_sudo, syslog=local2
User test1 may run the following commands on this host:
(root) NOPASSWD: /bin/ls
2) ~~~~~~~~~~~~~ Then add to the user privilege....
test1 host2=NOPASSWD:/bin/vi:nsa=NOPASSWD:/bin/ls
~~~~~~~~~~~~
nsa:/sudo/TEST> ./sudo -u test1 ./sudo -l
Matching Defaults entries for test1 on this host:
log_year, root_sudo, syslog=local2
User test1 may run the following commands on this host:
3) ~~~~~~~~~~~~ And then once more....
test1 host2,nsa=/bin/su:host2=NOPASSWD:/bin/vi:nsa=NOPASSWD:/bin/ls
~~~~~~~~~~~
nsa:/sudo/TEST> ./sudo -u test1 ./sudo -l
Matching Defaults entries for test1 on this host:
log_year, root_sudo, syslog=local2
User test1 may run the following commands on this host:
(root) /bin/su
(root) NOPASSWD: /bin/vi
(root) NOPASSWD: /bin/ls
~~~~~~~~~~~
The initial setup works fine. The second one is not showing the
granted 'ls' privilege for the host nsa, and finally all the
defined privileges are being listed on nsa when 'vi' should not
be listed.
Any ideas?
Thanks,
MattM
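Added example (not part of the original message and not sudo's own code): a simplified Python evaluator for the documented sudoers form `user host_list = cmnd_list : host_list = cmnd_list`, run over the three entries from the message to show which grants each host group contributes on a given host. It assumes no aliases, Runas specs or negation and only the NOPASSWD/PASSWD tags; `split_host_groups` and `grants_for` are hypothetical names.

```python
import re

# Simplification: only the NOPASSWD/PASSWD tags; no aliases, Runas or '!'.
TAGS = ("NOPASSWD", "PASSWD")
HOST_GROUP = re.compile(r"^\s*([A-Za-z0-9_.,\s-]+?)\s*=\s*(.*)$")
TAG = re.compile(r"^(%s)\s*:\s*" % "|".join(TAGS))
ENDS_IN_TAG = re.compile(r"[=,:]\s*(?:%s)\s*$" % "|".join(TAGS))

def split_host_groups(rest):
    """Split 'hosts=cmnds:hosts=cmnds' on ':' while keeping 'TAG:' intact."""
    groups = []
    for piece in rest.split(":"):
        # A ':' that follows a tag, or is not followed by 'hosts=', is not
        # a host-group separator, so glue the piece back on.
        if groups and (ENDS_IN_TAG.search(groups[-1]) or not HOST_GROUP.match(piece)):
            groups[-1] += ":" + piece
        else:
            groups.append(piece)
    return groups

def grants_for(line, user, host):
    """Return [(tag, command)] that one user spec grants `user` on `host`."""
    spec_user, rest = line.split(None, 1)
    if spec_user != user:
        return []
    grants = []
    for group in split_host_groups(rest):
        hosts, cmnds = HOST_GROUP.match(group).groups()
        host_list = {h.strip() for h in hosts.split(",")}
        if host not in host_list and "ALL" not in host_list:
            continue
        tag = ""  # a tag applies to later commands in the same list too
        for cmnd in cmnds.split(","):
            cmnd = cmnd.strip()
            m = TAG.match(cmnd)
            while m:
                tag, cmnd = m.group(1), cmnd[m.end():]
                m = TAG.match(cmnd)
            grants.append((tag, cmnd))
    return grants

# The three user specs from the message above.
SPECS = [
    "test1 nsa=NOPASSWD:/bin/ls",
    "test1 host2=NOPASSWD:/bin/vi:nsa=NOPASSWD:/bin/ls",
    "test1 host2,nsa=/bin/su:host2=NOPASSWD:/bin/vi:nsa=NOPASSWD:/bin/ls",
]

if __name__ == "__main__":
    for spec in SPECS:
        print(spec, "->", grants_for(spec, "test1", "nsa"))
```

Comparing this output with `sudo -l` on each host is a quick way to spot a listing that disagrees with the sudoers entry as written.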