[sudo-users] Doubt regarding NOPASSWD

Jackson jakrainer at yahoo.com
Fri Sep 9 08:02:13 EDT 2011


Hello everyone,
 
I'm starting to test sudo 1.8.2 on AIX and I have a doubt regarding NOPASSWD.
I tried to apply a sample configuration file that works today (based on sudo 1.6.20) to 1.8.2 and I've noticed a change in the way it interprets NOPASSWD.
For example:
Here is the output of the sudo -l command for user jackson:
$ sudo -l
Matching Defaults entries for jackson on this host:
    syslog_goodpri=debug, syslog_badpri=debug, syslog=local2, !env_reset, mailto=jackson at company.com
User jackson may run the following commands on this host:
    (root) NOPASSWD: ALL, (root) !/usr/bin/su, !/usr/bin/su -, /usr/bin/su - [a-z]*, /usr/bin/su [a-z]*, !/usr/bin/su root, !/usr/bin/su
    - root, !/usr/bin/su - root -[a-z]*, !/usr/bin/su root -[a-z]*, (root) NOEXEC: /usr/bin/ed, /usr/bin/edit, /usr/bin/vi,
    /usr/bin/more, /usr/bin/tail, /usr/bin/pg
 
On sudo 1.6.20, if I try to run any of the non-allowed commands I will not have to provide my password first; I just receive the message that I'm not allowed to run that command.
On 1.8.2, if I try to run a command that I'm not allowed to, my password is requested and only after providing it will I receive the message that I'm not allowed to run it. For the commands that I'm allowed to run, I don't need to provide any password.
 
Is this behavior expected on version 1.8.2? Is there any change that I can make on /etc/sudoers to make it not request the password when I try to run a command that I’m not allowed to?
 
Thanks in Advance,
 
Jackson

