[sudo-users] using localhost in sudoers

Todd C. Miller Todd.Miller at courtesan.com
Wed Jul 21 09:27:30 EDT 2010


In message <20100721125822.GA26326 at foxbat.suse.cz>
	so spake Petr Uzel (petr.uzel):

> How does "localhost" as Host_Alias in /etc/sudoers work?
> 
> E.g. gentoo sudo(ers) guide [1] states that the rule
> 
> swift localhost = /usr/bin/emerge

> allows running emerge only if the user swift is logged in locally,
> i.e. not through SSH. I don't think this is correct. AFAIU, the
> Host_Alias can not be used to differentiate between users logged
> in locally and through ssh, but only to restrict the rule to apply
> on machines where 'hostname'=='Host_Alias' (useful if sudoers file
> is shared across several machines).

Unless the gentoo sudo contains changes to support this, "localhost"
will never match as a hostname in sudoers unless the call to
gethostname() fails.

 - todd




More information about the sudo-users mailing list