[sudo-users] Assistance requested with recent upgrade from 1.6.8 to 1.7.2
Mike Dunne
mdunne at isc.upenn.edu
Thu Sep 22 15:15:39 EDT 2011
Hi,
Thanks for the reply. I added the defaults line that you suggested and it cleared the cron errors. I am left with permission errors that are most likely not at all related to sudo. If I have a user within the sudoers file as:
repl ALL=(ALL) ALL
Would this give them full reign over the system?
Thanks again for your help.
Mike
One last question that I have, if I have a user in the sudoers file as
On Sep 19, 2011, at 4:34 PM, Todd C. Miller wrote:
> On Mon, 19 Sep 2011 12:54:10 EDT, Mike Dunne wrote:
>
>> I was recently handed a RHEL 5.7 system on which sudo was upgraded from versi
>> on 1.6.8 to 1.7.2 of sudo and the upgrade seems to be interfering with a rysn
>> c job responsible for backups. Within /etc/sudoers is the following line:
>>
>> repl ALL=NOPASSWD: REPLF,REPLB,LS,/usr/bin/rsync
>>
>> REPLF is the name of the script and is defined earlier in the sudoers files a
>> s a cmnd_alias. When I manually run the script as the user I see permission d
>> enied errors on several directories. This same script runs on many other syst
>> ems here, but the only difference I can discern on the affected system is tha
>> t the version of sudo is newer. I know that many security features were added
>> in 1.7.0 and I was curious if perhaps a new default was added which might be
>> causing problems for us.
>
> If you check the logs files you should be able to tell whether the
> command is being run successfully via sudo.
>
> One thing to check is that your sudoers file does not include a
> line like:
>
> Defaults requiretty
>
> as this will prevent sudo from working from a cron job.
>
> If the only issue you are seeing is the permission denied errors,
> you might check to see that SELinux is not interfering with things.
>
> - todd
More information about the sudo-users
mailing list