[sudo-users] sudo-1.6.9p17 - problem with wildcards

Julian Dunn Julian.Dunn at CBC.CA
Mon Feb 2 08:33:33 EST 2009

(Apologies in advance for the top replies as I am forced to use Novell

Thanks for the suggestion but the other commands listed under "(root)
NOPASSWD" work fine -- I can run /usr/bin/install and
/etc/init.d/cbcsandboxes with no password. Any of the
/etc/init.d/tomcat5-sb* are the only commands which prompt me for a sudo

- Julian

>>> <christian.peper at kpn.com> 02/02/09 5:44 AM >>>
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com 
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Julian Dunn
> Sent: Friday, January 30, 2009 8:44 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] sudo-1.6.9p17 - problem with wildcards
> I'm on RedHat Enterprise Linux 5.3 and so I have sudo-1.6.9p17-3.el5
> I want to give myself the permission to run anything matching 
> /etc/init.d/tomcat5-sb* without a password, so I have
> % sudo -l
> User jdunn may run the following commands on this host:
>     (ALL) ALL
>     (root) NOPASSWD: /usr/bin/install, /etc/init.d/tomcat5-sb*, /etc/init.d/cbcsandboxes
>     (root) /etc/init.d/tomcat5-sb20
>     (cruise) /usr/bin/cvs
>     (webmaster) ALL
> However, I still keep getting prompted for a password when 
> executing anything of /etc/init.d/tomcat5-*


I don't know if sudo -l preserves the order of things it gets from sudoers,
but the line (ALL) ALL matches *before* (root) NOPASSWD...

I've had this happen to me on some occasions and putting more specific
rules first before listing things like (ALL) ALL etc. helps.

Just an idea.
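
Added example (not part of the thread, and not sudo's own code): a simplified Python model of how entry order decides whether a password is required. The sudoers manual documents that when several entries match, the last match is used, so the model applies that rule to the entries from the `sudo -l` output quoted above. Assumptions: the entries appear in sudoers in the order `sudo -l` printed them, `fnmatchcase` stands in for sudo's wildcard matching, and `tomcat5-sb07` is a constructed sample name.

```python
from fnmatch import fnmatchcase

# Entries as (runas, nopasswd, command patterns), reconstructed from the
# `sudo -l` output in the thread. Assumption: same order as in sudoers.
ENTRIES = [
    ("ALL", False, ["ALL"]),
    ("root", True, ["/usr/bin/install", "/etc/init.d/tomcat5-sb*",
                    "/etc/init.d/cbcsandboxes"]),
    ("root", False, ["/etc/init.d/tomcat5-sb20"]),
    ("cruise", False, ["/usr/bin/cvs"]),
    ("webmaster", False, ["ALL"]),
]

def entry_matches(entry, runas, command):
    """True if the entry covers this target user and command path."""
    entry_runas, _nopasswd, patterns = entry
    if entry_runas not in ("ALL", runas):
        return False
    return any(p == "ALL" or fnmatchcase(command, p) for p in patterns)

def last_match(entries, runas, command):
    """Return (index, nopasswd) of the LAST matching entry, or None."""
    hit = None
    for index, entry in enumerate(entries):
        if entry_matches(entry, runas, command):
            hit = (index, entry[1])  # later matches override earlier ones
    return hit

def needs_password(entries, runas, command):
    """Whether the model says a password prompt would appear."""
    hit = last_match(entries, runas, command)
    if hit is None:
        raise PermissionError(f"{command} as {runas}: not allowed")
    return not hit[1]

# Same entries with the broad (ALL) ALL rule moved to the end.
BROAD_LAST = ENTRIES[1:] + ENTRIES[:1]

if __name__ == "__main__":
    samples = ["/usr/bin/install",
               "/etc/init.d/tomcat5-sb07",   # constructed sample name
               "/etc/init.d/tomcat5-sb20"]
    for label, entries in (("as listed", ENTRIES), ("broad last", BROAD_LAST)):
        for cmd in samples:
            prompt = needs_password(entries, "root", cmd)
            print(f"{label:10} {cmd:28} password={'yes' if prompt else 'no'}")
```

In this model the separate `(root) /etc/init.d/tomcat5-sb20` entry, which carries no NOPASSWD tag, overrides the wildcard entry for that one script, and a broad `(ALL) ALL` rule placed last makes every command prompt.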
