[sudo-users] sudo-1.6.9p17 - problem with wildcards

christian.peper at kpn.com
Mon Feb 2 05:41:52 EST 2009

> -----Original Message-----
> From: sudo-users-bounces at courtesan.com 
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Julian Dunn
> Sent: Friday, January 30, 2009 8:44 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] sudo-1.6.9p17 - problem with wildcards
>
> I'm on RedHat Enterprise Linux 5.3 and so I have sudo-1.6.9p17-3.el5
>
> I want to give myself the permission to run anything matching 
> /etc/init.d/tomcat5-sb* without a password, so I have
>
> % sudo -l
> User jdunn may run the following commands on this host:
>     (ALL) ALL
>     (root) NOPASSWD: /usr/bin/install, /etc/init.d/tomcat5-sb*, /etc/init.d/cbcsandboxes
>     (root) /etc/init.d/tomcat5-sb20
>     (cruise) /usr/bin/cvs
>     (webmaster) ALL
>
> However, I still keep getting prompted for a password when 
> executing anything of /etc/init.d/tomcat5-*


I don't know if sudo -l preserves the order of things it gets from sudoers,
but the line (ALL) ALL matches *before* (root) NOPASSWD...

I've had this happen to me on some occasions and putting more specific
rules first before listing things like (ALL) ALL etc. helps.

Just an idea.
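
Added example, not part of the original message and not sudo's own code: a simplified Python model of the rule the sudoers manual documents, that when several entries match, the last match is used. It assumes the `sudo -l` listing quoted above is in sudoers order; the `RULES` tuples and the function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed from the quoted `sudo -l` listing, assumed to be in sudoers order.
# Each rule: (runas user, NOPASSWD tag, command pattern)
RULES = [
    ("ALL", False, "ALL"),
    ("root", True, "/usr/bin/install"),
    ("root", True, "/etc/init.d/tomcat5-sb*"),
    ("root", True, "/etc/init.d/cbcsandboxes"),
    ("root", False, "/etc/init.d/tomcat5-sb20"),
    ("cruise", False, "/usr/bin/cvs"),
    ("webmaster", False, "ALL"),
]


def rule_matches(rule, runas, command):
    """True if one rule applies to `command` run as `runas`."""
    rule_runas, _nopasswd, pattern = rule
    if rule_runas not in ("ALL", runas):
        return False
    if pattern == "ALL":
        return True
    # sudoers wildcards do not match '/'; approximated here by requiring
    # the same number of path separators in pattern and command.
    return pattern.count("/") == command.count("/") and fnmatchcase(command, pattern)


def decide(rules, runas, command):
    """Return 'denied', 'password' or 'nopasswd' under last-match semantics."""
    last = None
    for rule in rules:
        if rule_matches(rule, runas, command):
            last = rule  # a later matching entry overrides an earlier one
    if last is None:
        return "denied"
    return "nopasswd" if last[1] else "password"


if __name__ == "__main__":
    for cmd in ("/etc/init.d/tomcat5-sb21", "/etc/init.d/tomcat5-sb20", "/bin/ls"):
        print(cmd, "->", decide(RULES, "root", cmd))
    # Same entries with the catch-all (ALL) ALL moved to the end of the list.
    catch_all_last = RULES[1:] + RULES[:1]
    print("catch-all last ->", decide(catch_all_last, "root", "/etc/init.d/tomcat5-sb21"))
```

Under this model a `NOPASSWD` entry takes effect only when no later matching entry requires a password.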
