[sudo-users] sudo 1.7.0 on AIX 5.3

Jackson Afonso Krainer jakrainer at yahoo.com
Fri Jan 16 05:04:41 EST 2009

Hello everyone,

I’m testing version 1.7.0 of sudo on AIX 5.3 but all my deny rules are not working. 
If I do a sudo -l for my user I will have the following:

$ sudo sudo -V |grep version
Sudo version 1.7.0

$ sudo -l
Matching Defaults entries for user_a on this host:
    syslog_goodpri=debug, syslog_badpri=debug, syslog=local2, !env_reset

User user_a may run the following commands on this host:
    (root) NOPASSWD: ALL, (root) !/usr/bin/su, !/usr/bin/su -, !/usr/bin/su root, !/usr/bin/su - root, (root) !/usr/bin/bsh, !/usr/bin/csh, !/usr/bin/ksh, !/usr/bin/tsh, !/usr/bin/ksh93, !/usr/bin/sh,
    !/usr/bin/Rsh, !/usr/bin/bash, !/usr/bin/bash2, !/usr/bin/psh, !/usr/dt/bin/dtksh, (root) !/usr/bin/smit, !/usr/bin/smitty, !/usr/bin/smitacl, (root) !/usr/bin/X11/aixterm, !/usr/bin/X11/xterm, (root)
    !/usr/sbin/mkfs, !/usr/sbin/mkboot, !/usr/sbin/mkdev, !/usr/sbin/mklost+found, !/usr/sbin/mklv, !/usr/sbin/mklvcopy, !/usr/sbin/mknfs, !/usr/sbin/mknfsexp, !/usr/sbin/mknfsmnt, !/usr/sbin/mknod,
    !/usr/sbin/mkvg, !/usr/sbin/mkvg4vp, !/usr/sbin/chfs, !/usr/sbin/chlv, !/usr/sbin/chlvcopy, !/usr/sbin/chnfs, !/usr/sbin/chnfsexp, !/usr/sbin/chnfsmnt, !/usr/sbin/chpv, !/usr/sbin/chroot,
    !/usr/sbin/chvg, !/usr/sbin/rmdev, !/usr/sbin/rmfs, !/usr/sbin/rmlv, !/usr/sbin/rmlvcopy, !/usr/sbin/rmnfs, !/usr/sbin/rmnfsexp, !/usr/sbin/rmnfsmnt

If I try to run any command that was supposed to be blocked,/usr/sbin/rmlv for example, it just works when I expect it to not work, take a look:

$ sudo /usr/sbin/rmlv
0516-602 rmlv: Logical volume name not entered.
Usage: rmlv [ -B ] [ -f ]  [ -p Physical Volume ]  LogicalVolume ...
Removes a logical volume.

I have the same configuration on servers where I have previous versions of sudo and it works fine.

Is there something else that needs to be configured on 1.7.0 to avoid this problem, I mean, to make it work?

Thanks in advance,


      Veja quais são os assuntos do momento no Yahoo! +Buscados

More information about the sudo-users mailing list