[sudo-users] sudo-1.6.9p17 - problem with wildcards

christian.peper at kpn.com
Mon Feb 2 05:41:52 EST 2009


> -----Original Message-----
> From: sudo-users-bounces at courtesan.com 
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Julian Dunn
> Sent: Friday, January 30, 2009 8:44 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] sudo-1.6.9p17 - problem with wildcards
> 
> I'm on RedHat Enterprise Linux 5.3 and so I have sudo-1.6.9p17-3.el5
> 
> I want to give myself the permission to run anything matching 
> /etc/init.d/tomcat5-sb* without a password, so I have
> 
> % sudo -l
> User jdunn may run the following commands on this host:
>     (ALL) ALL
>     (root) NOPASSWD: /usr/bin/install, /etc/init.d/tomcat5-sb*, /etc/init.d/cbcsandboxes
>     (root) /etc/init.d/tomcat5-sb20
>     (cruise) /usr/bin/cvs
>     (webmaster) ALL
> 
> However, I still keep getting prompted for a password when 
> executing anything of /etc/init.d/tomcat5-*

Julian,

I don't know if sudo -l preserves the order of the things it gets from sudoers,
but the line (ALL) ALL matches *before* (root) NOPASSWD...

I've had this happen to me on some occasions and putting more specific
rules first before listing things like (ALL) ALL etc. helps.

Just an idea.
Chris.


