[sudo-users] Default Overrides in Active Directory

Paul Cantle paul at cantle.me
Tue Jan 10 07:09:39 EST 2012


Hi All,

I'm running Sudo version 1.7.4p5 on Fedora 15 machines. The sudoers objects are held in a Win2k8 Active Directory Domain Controller. The local file is not referenced at all.

I was under the impression that the "Defaults" would be overridden by explicit settings that differ from them. E.g., if the default is to require a terminal (which it is), then specifying !requiretty for a user/container in sudoOption would override the default.

This is not the behaviour I'm seeing though. I had to set the "visiblepw" and "!requiretty" sudoOptions in the defaults to allow a user to use those settings (rather than leave the defaults alone and just explicitly mention the ones I wanted for the user). When I left the defaults alone and explicitly mentioned those flags for my user, they were not honoured. The user in this case was "apache" (if that makes any difference).

The only sudoOption that seems to work correctly in this instance is !authenticate (which does indeed make the NOPASSWD option for each user that it's mentioned for).

Can anyone shed any light or has anyone else had the same issue?

Here is the sudo -l -U output:

Matching Defaults entries for apache on this host:
    visiblepw, !requiretty, env_keep=COLORS,DISPLAY,HOSTNAME,HISTSIZE,INPUTRC,KDEDIR,LS_COLORS,MAIL,PS1,PS2,QTDIR,USERNAME,LANG,LC_ADDRESS,LC_CTYPE,LC_COLLATE,LC_IDENTIFICATION,LC_MEASUREMENT,LC_MESSAGES,
    env_reset

User apache may run the following commands on this host:
    (testuser) NOPASSWD: /home/testuser/testscript.sh

Thanks

Paul
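
The two directory layouts the message contrasts, written out as sudoRole entries. This is an added illustration, not part of the original post: the base DN, the cn values and sudoHost: ALL are constructed placeholders, and the env_keep list is omitted. Variant A puts the flags in cn=defaults, where they apply to every user the directory serves; variant B scopes them to the single role, which is the narrower grant the poster was aiming for.

```ldif
# Constructed example. ou=SUDOers,dc=example,dc=com is a placeholder base DN.
# Variants A and B are alternatives; load one or the other, not both.

# --- Variant A: flags set globally (the layout the post reports as working) ---
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: env_reset
sudoOption: visiblepw
sudoOption: !requiretty

dn: cn=apache-testscript,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: apache-testscript
sudoUser: apache
sudoHost: ALL
sudoRunAsUser: testuser
sudoCommand: /home/testuser/testscript.sh
sudoOption: !authenticate

# --- Variant B: defaults left alone, flags scoped to the one role ---
# (the layout the post reports as not honoured on sudo 1.7.4p5)
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: env_reset

dn: cn=apache-testscript,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: apache-testscript
sudoUser: apache
sudoHost: ALL
sudoRunAsUser: testuser
sudoCommand: /home/testuser/testscript.sh
sudoOption: !authenticate
sudoOption: visiblepw
sudoOption: !requiretty
```

Running sudo -l -U apache after each variant shows which options sudo actually matched: global ones appear under "Matching Defaults entries", as in the output quoted above.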


