[sudo-users] runas_default= not working as expected. Dropping to root instead of user runas_default=
arjen at itcloud.nl
Tue Aug 2 09:47:42 EDT 2011
Hello,
I'm running Debian squeeze and getting unexpected results when running
'sudo -i': I expected a bash shell running as the configured
runas_default=tomcat, but instead I receive a shell running as root.
This works perfectly on lenny with sudo 1.6.9p17. When I replace the squeeze
binary (1.7.4p4) with 1.6.9p17 it works again, so it seems to me the behavior
changed between these versions. Note that in the traces below
runas_default=tomcat is parsed from the matching sudoRole entry
(cn=full_batch_access), not from cn=defaults, and 'sudo -l' still lists the
commands as (root).
I'm not sure whether this is intentional or a bug.
If someone could point me to my error I would gladly appreciate it.
Arjen.
libnss-ldapd 0.7.13
libpam-ldapd 0.7.13
sudo-ldap 1.7.4p4-2.squeeze.2
------
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# Unprivileged user and group nslcd drops to after start-up
# (the debug run below shows setgid(111)/setuid(107)).
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
# Loopback only: every lookup in this report goes to the local server.
uri ldap://127.0.0.1/
# The search base that will be used for all queries.
base dc=base,dc=nl
# The LDAP protocol version to use.
ldap_version 3
# The DN to bind with for normal lookups.
# NOTE(review): bindpw is stored here in cleartext. Keep this file
# readable only by root and the nslcd group, and treat the value as a
# secret - sudo-ldap's "LDAP Config Summary" debug output pasted below
# prints its bindpw verbatim, so debug traces should be scrubbed before
# sharing.
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# Per-query limit (seconds) and how long an idle LDAP connection is kept.
timelimit 20
idle_timelimit 300
# SSL options
# NOTE(review): "tls_reqcert never" disables server certificate
# validation (the debug run below confirms
# LDAP_OPT_X_TLS_REQUIRE_CERT=0), so STARTTLS here encrypts the
# session but does not authenticate the peer. That is only tolerable
# because uri points at 127.0.0.1; if the URI is ever changed to a
# remote host, switch to "tls_reqcert demand" and configure
# tls_cacertfile so a MITM cannot answer the lookups.
ssl start_tls
tls_reqcert never
# The search scope.
#scope sub
------
------
root at node1:~# nslcd -d
nslcd: DEBUG: add_uri(ldap://127.0.0.1/)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,0)
nslcd: version 0.7.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No
such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(111) done
nslcd: DEBUG: setuid(107) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [8b4567] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_start_tls_s()
nslcd: [8b4567] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [8b4567] DEBUG: ldap_result(): end of results
nslcd: [7b23c6] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [7b23c6] DEBUG: nslcd_group_bymember(johndoe)
nslcd: [7b23c6] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_start_tls_s()
nslcd: [7b23c6] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [7b23c6] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(|(memberUid=johndoe)(uniqueMember=uid=johndoe,ou=People,dc=base,dc=nl)))")
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [3c9869] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [3c9869] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_start_tls_s()
nslcd: [3c9869] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [334873] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [334873] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [334873] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_start_tls_s()
nslcd: [334873] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [334873] DEBUG: ldap_result(): end of results
nslcd: [b0dc51] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [b0dc51] DEBUG: nslcd_pam_authc("johndoe","","sshd","***")
nslcd: [b0dc51] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [b0dc51] DEBUG:
myldap_search(base="uid=johndoe,ou=People,dc=base,dc=nl",
filter="(objectClass=posixAccount)")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] DEBUG:
ldap_simple_bind_s("uid=johndoe,ou=People,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [b0dc51] DEBUG: ldap_unbind()
nslcd: [b0dc51] DEBUG: bind successful
nslcd: [495cff] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [495cff] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [495cff] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [495cff] DEBUG: ldap_result(): end of results
nslcd: [e8944a] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [e8944a] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e8944a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e8944a] DEBUG: ldap_result(): end of results
nslcd: [5558ec] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [5558ec] DEBUG:
nslcd_pam_authz("johndoe","uid=johndoe,ou=People,dc=base,dc=nl","sshd","","johndoe.office.fake.nl","ssh")
nslcd: [8e1f29] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [8e1f29] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [8e1f29] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [8e1f29] DEBUG: ldap_result(): end of results
nslcd: [e87ccd] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [e87ccd] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e87ccd] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e87ccd] DEBUG: ldap_result(): end of results
nslcd: [1b58ba] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [1b58ba] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [1b58ba] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [1b58ba] DEBUG: ldap_result(): end of results
nslcd: [7ed7ab] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [7ed7ab] DEBUG:
nslcd_pam_sess_o("johndoe","","sshd","ssh","johndoe.office.fake.nl","")
nslcd: [b141f2] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [b141f2] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [b141f2] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b141f2] DEBUG: ldap_result(): end of results
nslcd: [b71efb] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [b71efb] DEBUG: nslcd_group_bymember(johndoe)
nslcd: [b71efb] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b71efb] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(|(memberUid=johndoe)(uniqueMember=uid=johndoe,ou=People,dc=base,dc=nl)))")
nslcd: [b71efb] DEBUG: ldap_result(): end of results
nslcd: [e2a9e3] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [e2a9e3] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e2a9e3] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e2a9e3] DEBUG: ldap_result(): end of results
nslcd: [45e146] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [45e146] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [45e146] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [45e146] DEBUG: ldap_result(): end of results
nslcd: [5f007c] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [5f007c] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [5f007c] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [5f007c] DEBUG: ldap_result(): end of results
nslcd: [d062c2] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [d062c2] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [d062c2] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [d062c2] DEBUG: ldap_result(): end of results
nslcd: [200854] DEBUG: connection from pid=27548 uid=5060 gid=100
nslcd: [200854] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [200854] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [200854] DEBUG: ldap_result(): end of results
nslcd: [b127f8] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [b127f8] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [b127f8] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [b127f8] DEBUG: ldap_result(): end of results
nslcd: [16231b] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [16231b] DEBUG: nslcd_group_bygid(3005)
nslcd: [16231b] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(gidNumber=3005))")
nslcd: [16231b] DEBUG: ldap_result(): end of results
nslcd: [16e9e8] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [16e9e8] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [16e9e8] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [16e9e8] DEBUG: ldap_result(): end of results
nslcd: [90cde7] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [90cde7] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [90cde7] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [90cde7] error writing to client: Broken pipe
nslcd: [ef438d] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [ef438d] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [ef438d] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [ef438d] DEBUG: ldap_result(): end of results
nslcd: [0e0f76] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [0e0f76] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [0e0f76] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [0e0f76] error writing to client: Broken pipe
nslcd: [52255a] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [52255a] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [52255a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [52255a] DEBUG: ldap_result(): end of results
nslcd: [9cf92e] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [9cf92e] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [9cf92e] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [9cf92e] error writing to client: Broken pipe
nslcd: [ed7263] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [ed7263] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [ed7263] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [ed7263] DEBUG: ldap_result(): end of results
nslcd: [dcc233] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [dcc233] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [dcc233] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [dcc233] error writing to client: Broken pipe
nslcd: [efd79f] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [efd79f] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [efd79f] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [efd79f] DEBUG: ldap_result(): end of results
nslcd: [a7c4c9] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [a7c4c9] DEBUG: nslcd_group_bymember(root)
nslcd: [a7c4c9] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=root))")
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results
nslcd: [a7c4c9] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(memberUid=root))")
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results
nslcd: [68079a] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [68079a] DEBUG: nslcd_group_bygid(3005)
nslcd: [68079a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(gidNumber=3005))")
nslcd: [68079a] DEBUG: ldap_result(): end of results
nslcd: [6afb66] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [6afb66] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [6afb66] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [6afb66] DEBUG: ldap_result(): end of results
nslcd: [e45d32] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [e45d32] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [e45d32] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [e45d32] DEBUG: ldap_result(): end of results
^Cnslcd: [a7c4c9] DEBUG: ldap_unbind()
nslcd: [6afb66] DEBUG: ldap_unbind()
nslcd: [68079a] DEBUG: ldap_unbind()
nslcd: [e45d32] DEBUG: ldap_unbind()
nslcd: [efd79f] DEBUG: ldap_unbind()
nslcd: caught signal SIGINT (2), shutting down
nslcd: version 0.7.13 bailing out
root at node1:~#
------
------
johndoe at node1:/$ sudo -l
LDAP Config Summary
===================
uri ldap://127.0.0.1/
ldap_version 3
sudoers_base ou=sudoers,dc=base,dc=nl
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
bind_timelimit 2000
ssl (no)
tls_checkpeer (no)
===================
sudo: ldap_initialize(ld, ldap://127.0.0.1/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 2)
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoOption: 'authenticate'
sudo: ldap sudoOption: 'syslog=auth'
sudo: ldap sudoOption: 'insults'
sudo: ldap sudoOption: '!mail_no_user'
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoOption: '!authenticate'
sudo: ldap sudoOption: 'runas_default=tomcat'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(52)=0x82
Matching Defaults entries for johndoe on this host:
env_reset, authenticate, syslog=auth, insults, !mail_no_user
sudo: ldap search
'(|(sudoUser=johndoe)(sudoUser=%users)(sudoUser=%rw_development)(sudoUser=ALL))'
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost 'linux14' ... not
sudo: ldap search 'sudoUser=+*'
User johndoe may run the following commands on this host:
(root) NOPASSWD: /bin/bash
(root) NOPASSWD: /usr/bin/ngrep *, /bin/kill *, /etc/init.d/tomcat
*,
(root) NOPASSWD: /bin/chown tomcat *, /bin/chown -R tomcat *,
johndoe at node1:/$ sudo -i
LDAP Config Summary
===================
uri ldap://127.0.0.1/
ldap_version 3
sudoers_base ou=sudoers,dc=base,dc=nl
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
bind_timelimit 2000
ssl (no)
tls_checkpeer (no)
===================
sudo: ldap_initialize(ld, ldap://127.0.0.1/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 2)
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoOption: 'authenticate'
sudo: ldap sudoOption: 'syslog=auth'
sudo: ldap sudoOption: 'insults'
sudo: ldap sudoOption: '!mail_no_user'
sudo: ldap search
'(|(sudoUser=johndoe)(sudoUser=%users)(sudoUser=%rw_development)(sudoUser=ALL))'
sudo: found:cn=full_batch_access,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoCommand '/bin/bash' ... MATCH!
sudo: Command allowed
sudo: ldap sudoOption: '!authenticate'
sudo: ldap sudoOption: 'runas_default=tomcat'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(0)=0x02
root at node1:~#
------