[sudo-users] sudo-1.6.9p17 - problem with wildcards

Julian Dunn Julian.Dunn at CBC.CA
Mon Feb 2 08:33:33 EST 2009


(Apologies in advance for the top replies as I am forced to use Novell
Groupwise)

Thanks for the suggestion but the other commands listed under "(root)
NOPASSWD" work fine -- I can run /usr/bin/install and
/etc/init.d/cbcsandboxes with no password. Any of the
/etc/init.d/tomcat5-sb* are the only commands which prompt me for a sudo
password.

- Julian

>>> <christian.peper at kpn.com> 02/02/09 5:44 AM >>>
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com 
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Julian Dunn
> Sent: Friday, January 30, 2009 8:44 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] sudo-1.6.9p17 - problem with wildcards
> 
> I'm on RedHat Enterprise Linux 5.3 and so I have sudo-1.6.9p17-3.el5
> 
> I want to give myself the permission to run anything matching 
> /etc/init.d/tomcat5-sb* without a password, so I have
> 
> % sudo -l
> User jdunn may run the following commands on this host:
>     (ALL) ALL
>     (root) NOPASSWD: /usr/bin/install, 
> /etc/init.d/tomcat5-sb*, /etc/init.d/cbcsandboxes
>     (root) /etc/init.d/tomcat5-sb20
>     (cruise) /usr/bin/cvs
>     (webmaster) ALL
> 
> However, I still keep getting prompted for a password when 
> executing anything of /etc/init.d/tomcat5-*

Julian,

I don't know if sudo -l preserves the order of things it gets from sudoers,
but the line (ALL) ALL matches *before* (root) NOPASSWD...

I've had this happen to me on some occasions and putting more specific
rules first before listing things like (ALL) ALL etc. helps.

Just an idea.
Chris.
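
An added example, not part of the original thread and not sudo's own code: a small Python model of the rule documented in sudoers(5), that when several entries match the last match is used, applied to the entries from the `sudo -l` listing above. It assumes the listing order equals the sudoers file order and uses Python's fnmatch as a stand-in for sudo's wildcard matching; the names RULES, GENERAL_LAST, resolve and needs_password are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed from the `sudo -l` listing in the thread. Assumption: the
# listing order equals the sudoers file order (the thread does not confirm it).
# Each entry: (runas user, command pattern, NOPASSWD tag set?)
RULES = [
    ("ALL", "ALL", False),
    ("root", "/usr/bin/install", True),
    ("root", "/etc/init.d/tomcat5-sb*", True),
    ("root", "/etc/init.d/cbcsandboxes", True),
    ("root", "/etc/init.d/tomcat5-sb20", False),
    ("cruise", "/usr/bin/cvs", False),
    ("webmaster", "ALL", False),
]

def matches(rule, runas, command):
    """True if the entry applies to this runas user and command path."""
    rule_runas, pattern, _ = rule
    runas_ok = rule_runas in ("ALL", runas)
    # Simplification: Python's fnmatch lets '*' cross '/', sudo's glob does not.
    cmd_ok = pattern == "ALL" or fnmatchcase(command, pattern)
    return runas_ok and cmd_ok

def resolve(rules, runas, command):
    """Return the last matching entry, or None if nothing matches."""
    winner = None
    for rule in rules:
        if matches(rule, runas, command):
            winner = rule  # a later match replaces an earlier one
    return winner

def needs_password(rules, runas, command):
    """True if the winning entry for this command lacks the NOPASSWD tag."""
    rule = resolve(rules, runas, command)
    if rule is None:
        raise PermissionError(f"{command} as {runas} is not permitted")
    return not rule[2]

# Same entries with the catch-all moved to the end of the list.
GENERAL_LAST = RULES[1:] + RULES[:1]

if __name__ == "__main__":
    for cmd in ("/etc/init.d/tomcat5-sb21", "/etc/init.d/tomcat5-sb20", "/bin/ls"):
        for name, rules in (("as listed", RULES), ("catch-all last", GENERAL_LAST)):
            print(f"{cmd:28} {name:15} password={needs_password(rules, 'root', cmd)}")
```

Under this model only tomcat5-sb20 picks up the later password-requiring entry when the entries are evaluated as listed, so the model alone does not account for prompts on the other tomcat5-sb* scripts. With the catch-all entry last, every command resolves to a password prompt.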


