[sudo-users] sudo 1.7.2p1 incorrect rule choices
seph
seph at directionless.org
Tue Nov 24 11:37:49 EST 2009
I recently upgraded from sudo 1.6.9p10 (as packaged by Ubuntu) to my own
build of 1.7.2p1, and having done so, I'm now having some trouble. I
have multiple rules defined in sudoers, and the new version seems to be
picking the wrong rule to act on.
In this example, I have 2 classes of users -- sysadmins, and
developers. They both have unfettered access to the deployment account,
and the sysadmin additionally has full access to the machine. As the
deployment stuff is scripted, it's all configured NOPASSWD.
The developer:
developer@playpen-app1:~$ sudo -k
developer@playpen-app1:~$ sudo -l
Matching Defaults entries for developer on this host:
env_reset, syslog=auth
User developer may run the following commands on this host:
(deploy) NOPASSWD: ALL
(root) NOPASSWD: /usr/sbin/monit
developer@playpen-app1:~$ sudo -u deploy hostname
playpen-app1
But, when I try the same set:
seph@playpen-app1:~$ sudo -k
seph@playpen-app1:~$ sudo -l
Matching Defaults entries for seph on this host:
env_reset, syslog=auth
User seph may run the following commands on this host:
(deploy) NOPASSWD: ALL
(root) NOPASSWD: /usr/sbin/monit
(ALL) ALL
seph@playpen-app1:~$ sudo -u deploy hostname
[sudo] password for seph:
playpen-app1
Any idea what's up?
seph
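
Added example, not part of the original post and not sudo's own code: sudoers(5) documents that when several entries match, the last match is used. This simplified model replays the two `sudo -l` listings above under that rule, assuming the entries sit in sudoers in the listed order; the `/bin/hostname` path and the reordered rule list are assumptions made for illustration.

```python
# Simplified model of sudoers rule selection. It is NOT sudo's parser:
# host matching, aliases, wildcards and negation are left out.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    runas: str       # target user, or "ALL"
    command: str     # absolute path, or "ALL"
    nopasswd: bool   # True when the entry carries the NOPASSWD tag


def matches(rule: Rule, runas: str, command: str) -> bool:
    return rule.runas in ("ALL", runas) and rule.command in ("ALL", command)


def last_match(rules: List[Rule], runas: str, command: str) -> Optional[Rule]:
    """Entries are applied in order; the last one that matches is used."""
    hit = None
    for rule in rules:
        if matches(rule, runas, command):
            hit = rule
    return hit


def needs_password(rules: List[Rule], runas: str, command: str) -> bool:
    rule = last_match(rules, runas, command)
    if rule is None:
        raise PermissionError(f"no entry allows {command} as {runas}")
    return not rule.nopasswd


# Constructed from the `sudo -l` output in the post (order assumed = file order).
DEVELOPER = [
    Rule("deploy", "ALL", nopasswd=True),
    Rule("root", "/usr/sbin/monit", nopasswd=True),
]
SEPH = DEVELOPER + [Rule("ALL", "ALL", nopasswd=False)]

# Hypothetical reordering: general entry first, NOPASSWD entries after it.
SEPH_REORDERED = [Rule("ALL", "ALL", nopasswd=False)] + DEVELOPER

if __name__ == "__main__":
    cases = (("developer", DEVELOPER), ("seph", SEPH),
             ("seph, reordered", SEPH_REORDERED))
    for name, rules in cases:
        prompt = needs_password(rules, "deploy", "/bin/hostname")
        print(f"{name}: sudo -u deploy hostname -> password prompt: {prompt}")
```

In this model the `(ALL) ALL` entry is the last match for `sudo -u deploy hostname`, so the password prompt follows from its missing NOPASSWD tag.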