[sudo-users] sudo 1.7.0 on AIX 5.3
Jackson Afonso Krainer
jakrainer at yahoo.com
Fri Jan 16 05:04:41 EST 2009
Hello everyone,
I’m testing version 1.7.0 of sudo on AIX 5.3 but all my deny rules are not working.
If I do a sudo -l for my user I will have the following:
$ sudo sudo -V |grep version
Sudo version 1.7.0
$ sudo -l
Matching Defaults entries for user_a on this host:
syslog_goodpri=debug, syslog_badpri=debug, syslog=local2, !env_reset
User user_a may run the following commands on this host:
(root) NOPASSWD: ALL, (root) !/usr/bin/su, !/usr/bin/su -, !/usr/bin/su root, !/usr/bin/su - root, (root) !/usr/bin/bsh, !/usr/bin/csh, !/usr/bin/ksh, !/usr/bin/tsh, !/usr/bin/ksh93, !/usr/bin/sh,
!/usr/bin/Rsh, !/usr/bin/bash, !/usr/bin/bash2, !/usr/bin/psh, !/usr/dt/bin/dtksh, (root) !/usr/bin/smit, !/usr/bin/smitty, !/usr/bin/smitacl, (root) !/usr/bin/X11/aixterm, !/usr/bin/X11/xterm, (root)
!/usr/sbin/mkfs, !/usr/sbin/mkboot, !/usr/sbin/mkdev, !/usr/sbin/mklost+found, !/usr/sbin/mklv, !/usr/sbin/mklvcopy, !/usr/sbin/mknfs, !/usr/sbin/mknfsexp, !/usr/sbin/mknfsmnt, !/usr/sbin/mknod,
!/usr/sbin/mkvg, !/usr/sbin/mkvg4vp, !/usr/sbin/chfs, !/usr/sbin/chlv, !/usr/sbin/chlvcopy, !/usr/sbin/chnfs, !/usr/sbin/chnfsexp, !/usr/sbin/chnfsmnt, !/usr/sbin/chpv, !/usr/sbin/chroot,
!/usr/sbin/chvg, !/usr/sbin/rmdev, !/usr/sbin/rmfs, !/usr/sbin/rmlv, !/usr/sbin/rmlvcopy, !/usr/sbin/rmnfs, !/usr/sbin/rmnfsexp, !/usr/sbin/rmnfsmnt
If I try to run any command that was supposed to be blocked,/usr/sbin/rmlv for example, it just works when I expect it to not work, take a look:
$ sudo /usr/sbin/rmlv
0516-602 rmlv: Logical volume name not entered.
Usage: rmlv [ -B ] [ -f ] [ -p Physical Volume ] LogicalVolume ...
Removes a logical volume.
I have the same configuration on servers where I have previous versions of sudo and it works fine.
Is there something else that needs to be configured on 1.7.0 to avoid this problem, I mean, to make it work?
Thanks in advance,
Jackson
Veja quais são os assuntos do momento no Yahoo! +Buscados
http://br.maisbuscados.yahoo.com
More information about the sudo-users
mailing list