[sudo-users] sudo 1.7.2p1 incorrect rule choices

Todd C. Miller Todd.Miller at courtesan.com
Tue Nov 24 11:41:32 EST 2009

In message <w524oojg9pe.fsf at lame.message.id>
	so spake seph (seph):

> But, when I try the same set:
>   seph at playpen-app1:~$ sudo -k
>   seph at playpen-app1:~$ sudo -l
>   Matching Defaults entries for seph on this host:
>       env_reset, syslog=auth
>   User seph may run the following commands on this host:
>       (deploy) NOPASSWD: ALL
>       (root) NOPASSWD: /usr/sbin/monit
>       (ALL) ALL
>   seph at playpen-app1:~$ sudo -u deploy hostname
>   [sudo] password for seph: 
>   playpen-app1

Sudo takes the last match so the:

    (ALL) ALL

line is what matches.  Since that doesn't have NOPASSWD set you
get prompted for a password.

 - todd

More information about the sudo-users mailing list