[sudo-users] Assistance requested with recent upgrade from 1.6.8 to 1.7.2
Todd C. Miller
Todd.Miller at courtesan.com
Mon Sep 19 16:34:11 EDT 2011
On Mon, 19 Sep 2011 12:54:10 EDT, Mike Dunne wrote:
> I was recently handed a RHEL 5.7 system on which sudo was upgraded from versi
> on 1.6.8 to 1.7.2 of sudo and the upgrade seems to be interfering with a rysn
> c job responsible for backups. Within /etc/sudoers is the following line:
>
> repl ALL=NOPASSWD: REPLF,REPLB,LS,/usr/bin/rsync
>
> REPLF is the name of the script and is defined earlier in the sudoers files a
> s a cmnd_alias. When I manually run the script as the user I see permission d
> enied errors on several directories. This same script runs on many other syst
> ems here, but the only difference I can discern on the affected system is tha
> t the version of sudo is newer. I know that many security features were added
> in 1.7.0 and I was curious if perhaps a new default was added which might be
> causing problems for us.
If you check the logs files you should be able to tell whether the
command is being run successfully via sudo.
One thing to check is that your sudoers file does not include a
line like:
Defaults requiretty
as this will prevent sudo from working from a cron job.
If the only issue you are seeing is the permission denied errors,
you might check to see that SELinux is not interfering with things.
- todd
More information about the sudo-users
mailing list