[sudo-users] "sudo" and "sudo -k" inconsistency?
Dominik Sander
mail at dsander.de
Thu May 17 06:49:05 EDT 2012
Hi,
I would expect "sudo" and "sudo -k" to act the same way if no user
credentials are cached, either both prompt for a password or they
don't. But the exempt_group option of the sudoers file seems to mess
things up a bit.
Working normally:
Matching Defaults entries for dominik on this host:
env_reset,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User dominik may run the following commands on this host:
(ALL) NOPASSWD: ALL
(ALL : ALL) ALL
dominik at ubuntu ~ $$ sudo -K
dominik at ubuntu ~ $$ sudo whoami
[sudo] password for dominik:
dominik at ubuntu ~ $$ sudo -k whoami
[sudo] password for dominik:
With exempt_group:
Matching Defaults entries for dominik on this host:
env_reset, exempt_group=admin,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User dominik may run the following commands on this host:
(ALL) NOPASSWD: ALL
(ALL : ALL) ALL
dominik at ubuntu ~ $$ sudo -K
dominik at ubuntu ~ $$ sudo whoami
root
dominik at ubuntu ~ $$ sudo -k whoami
[sudo] password for dominik:
I am wondering, if this is working as excepted and if so, why is it the
case, I wasn't able to find any documentation on the exempt_group option
working differently for "sudo -k".
regards,
Dominik
More information about the sudo-users
mailing list