[sudo-users] using localhost in sudoers

Petr Uzel petr.uzel at suse.cz
Wed Jul 21 09:39:34 EDT 2010


On Wed, Jul 21, 2010 at 09:27:30AM -0400, Todd C. Miller wrote:
> In message <20100721125822.GA26326 at foxbat.suse.cz>
> 	so spake Petr Uzel (petr.uzel):
> 
> > How does "localhost" as Host_Alias in /etc/sudoers work?
> > 
> > E.g. gentoo sudo(ers) guide [1] states that the rule
> > 
> > swift localhost = /usr/bin/emerge
> 
> > allows running emerge only if the user swift is logged in locally,
> > i.e. not through SSH. I don't think this is correct. AFAIU, the
> > Host_Alias can not be used to differentiate between users logged
> > in locally and through ssh, but only to restrict the rule to apply
> > on machines where 'hostname'=='Host_Alias' (useful if sudoers file
> > is shared across several machines).
> 
> Unless the gentoo sudo contains changes to support this, "localhost"
> will never match as a hostname in sudoers unless the call to
> gethostname() fails.

Todd, thanks for the reply.

I'm curious: is it somehow possible to restrict some of the rules only
to users logged in locally?

Next, I think that the above is a common misunderstanding - maybe
it should be mentioned in sudoers(5) and/or the sudo FAQ?

Thanks,

Petr

--
Petr Uzel
IRC: ptr_uzl @ freenode
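
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not sudo's own code: a simplified Python model in which the host field is compared with the machine's own name and the login origin is never consulted. The function names, the `build1.example.org` hostname and the session records are constructed for illustration, and matching against both the full and the short name is an assumption of the model.

```python
# Simplified model of how a sudoers rule's host field is evaluated.
# Assumptions: literal host names and ALL only; Host_Alias expansion,
# IP/network and netgroup matching are left out. All names are hypothetical.

RULE = ("swift", "localhost", "/usr/bin/emerge")  # rule quoted in the thread

# Constructed sessions: one on the console, one over SSH.
CONSOLE = {"tty": "tty1", "ssh_connection": None}
REMOTE = {"tty": "pts/0", "ssh_connection": "192.0.2.10 50514 192.0.2.20 22"}

def effective_hostname(gethostname):
    """Name rules are compared against; "localhost" only if the lookup fails."""
    try:
        return gethostname()
    except OSError:
        return "localhost"

def host_field_matches(rule_host, hostname):
    """Compare the rule's host field with the machine's own name."""
    if rule_host == "ALL":
        return True
    short = hostname.split(".", 1)[0]
    return rule_host in (hostname, short)

def rule_applies(rule, user, command, hostname, session):
    """session is accepted but never consulted: login origin is not an input."""
    r_user, r_host, r_cmd = rule
    return (user == r_user and command == r_cmd
            and host_field_matches(r_host, hostname))

def failing_gethostname():
    raise OSError("gethostname() failed")  # constructed failure case

def evaluate(rule=RULE):
    """Return {(hostname source, session): allowed} for the constructed cases."""
    names = {
        "normal": effective_hostname(lambda: "build1.example.org"),
        "lookup-failed": effective_hostname(failing_gethostname),
    }
    return {
        (label, kind): rule_applies(rule, "swift", "/usr/bin/emerge", name, sess)
        for label, name in names.items()
        for kind, sess in (("console", CONSOLE), ("ssh", REMOTE))
    }

if __name__ == "__main__":
    for case, allowed in evaluate().items():
        print(case, "allowed" if allowed else "denied")
```

In this model the console and SSH sessions always receive the same decision, and the `localhost` rule only takes effect in the failed-lookup case, where it then applies to remote logins as well.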