[sudo-users] Assistance requested with recent upgrade from 1.6.8 to 1.7.2

Mike Dunne mdunne at isc.upenn.edu
Thu Sep 22 15:15:39 EDT 2011


Hi, 

Thanks for the reply. I added the defaults line that you suggested and it cleared the cron errors. I am left with permission errors that are most likely not at all related to sudo. If I have a user within the sudoers file as:

repl    ALL=(ALL) ALL

Would this give them full reign over the system?

Thanks again for your help. 

Mike



One last question that I have, if I have a user in the sudoers file as 
On Sep 19, 2011, at 4:34 PM, Todd C. Miller wrote:

> On Mon, 19 Sep 2011 12:54:10 EDT, Mike Dunne wrote:
> 
>> I was recently handed a RHEL 5.7 system on which sudo was upgraded from versi
>> on 1.6.8 to 1.7.2 of sudo and the upgrade seems to be interfering with a rysn
>> c job responsible for backups. Within /etc/sudoers is the following line:
>> 
>> repl            ALL=NOPASSWD: REPLF,REPLB,LS,/usr/bin/rsync
>> 
>> REPLF is the name of the script and is defined earlier in the sudoers files a
>> s a cmnd_alias. When I manually run the script as the user I see permission d
>> enied errors on several directories. This same script runs on many other syst
>> ems here, but the only difference I can discern on the affected system is tha
>> t the version of sudo is newer. I know that many security features were added
>> in 1.7.0 and I was curious if perhaps a new default was added which might be
>> causing problems for us. 
> 
> If you check the logs files you should be able to tell whether the
> command is being run successfully via sudo.
> 
> One thing to check is that your sudoers file does not include a
> line like:
> 
>    Defaults requiretty
> 
> as this will prevent sudo from working from a cron job.
> 
> If the only issue you are seeing is the permission denied errors,
> you might check to see that SELinux is not interfering with things.
> 
> - todd





More information about the sudo-users mailing list