[sudo-users] sudo 1.7.2p1 incorrect rule choices
Todd C. Miller
Todd.Miller at courtesan.com
Tue Nov 24 11:41:32 EST 2009
In message <w524oojg9pe.fsf at lame.message.id>
so spake seph (seph):
> But, when I try the same set:
>
> seph at playpen-app1:~$ sudo -k
> seph at playpen-app1:~$ sudo -l
> Matching Defaults entries for seph on this host:
> env_reset, syslog=auth
>
> User seph may run the following commands on this host:
> (deploy) NOPASSWD: ALL
> (root) NOPASSWD: /usr/sbin/monit
> (ALL) ALL
> seph at playpen-app1:~$ sudo -u deploy hostname
> [sudo] password for seph:
> playpen-app1
Sudo takes the last match so the:
(ALL) ALL
line is what matches. Since that doesn't have NOPASSWD set you
get prompted for a password.
- todd
More information about the sudo-users
mailing list