[sudo-users] sudo -i doesn't respect NOPASSWD?

Sébastien Luttringer seblu at seblu.net
Tue Sep 17 04:14:28 MDT 2013


On Mon, Sep 9, 2013 at 9:36 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> On Mon, 09 Sep 2013 20:04:17 +0200, Sébastien Luttringer wrote:
>
>> # cat /etc/sudoers.d/81-seblu-id
>> seblu ALL=(root) NOPASSWD: /usr/bin/id
>>
>> Is there any special option to have NOPASSWD working with -i? Or is it a bug?
>
> When you use the -i flag you are wrapping the command inside a
> shell.  The actual command that gets run is probably something like:
>
>     /bin/sh -c id
>
> or:
>
>     /bin/bash -c id
>
> depending on what root's shell is.  Check your logs to see what is
> actually being denied.

My log was empty because I SIGINT the process as it asks me for a
password (and it should not). But if I enter 3 bad passwords I get the
following line.

    sept. 17 12:00:49 rwolf sudo[21136]: seblu : 3 incorrect password attempts ; TTY=pts/8 ; PWD=/home/seblu ; USER=root ; COMMAND=/bin/zsh -c pacman -Sy

So, it's exactly what you are saying. Thanks!


-- 
Sébastien "Seblu" Luttringer
https://www.seblu.net
GPG: 0x2072D77A
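
Added example, not part of the original message or of sudo itself: a small Python parser for sudo log lines like the one quoted above. It reports the path sudo actually matched against sudoers and flags the case where a shell wrapper (as with -i) hides a command that has a NOPASSWD rule. The sample lines, the NOPASSWD_PATHS set and the function names are assumptions, and the rule matching is simplified to a plain path comparison.

```python
import re

# Constructed input: line 1 is modelled on the log line quoted in the message,
# line 2 is a made-up direct "sudo id" run for contrast.
SAMPLE_LOG = [
    "sept. 17 12:00:49 rwolf sudo[21136]: seblu : 3 incorrect password attempts ; "
    "TTY=pts/8 ; PWD=/home/seblu ; USER=root ; COMMAND=/bin/zsh -c pacman -Sy",
    "sept. 17 12:03:10 rwolf sudo[21200]: seblu : TTY=pts/8 ; PWD=/home/seblu ; "
    "USER=root ; COMMAND=/usr/bin/id",
]

# Assumption: paths that carry NOPASSWD for this user. Only /usr/bin/id appears
# on the page; /usr/bin/pacman is added for illustration.
NOPASSWD_PATHS = {"/usr/bin/id", "/usr/bin/pacman"}
SHELLS = {"sh", "bash", "zsh", "dash", "ksh"}

ENTRY = re.compile(r"sudo\[\d+\]:\s+(?P<user>\S+) : .*?COMMAND=(?P<cmd>.*)$")


def basename(path):
    return path.rsplit("/", 1)[-1]


def analyse(line, nopasswd_paths=NOPASSWD_PATHS):
    """Return what sudo matched for one log line, or None if it is not a sudo entry."""
    m = ENTRY.search(line)
    if m is None or not m.group("cmd").split():
        return None
    argv = m.group("cmd").split()
    executed = argv[0]  # sudoers is matched against this path
    inner = None
    if basename(executed) in SHELLS and len(argv) >= 3 and argv[1] == "-c":
        inner = " ".join(argv[2:])  # the command the user typed after -i
    allowed_names = {basename(p) for p in nopasswd_paths}
    return {
        "user": m.group("user"),
        "executed": executed,
        "inner": inner,
        "nopasswd_applies": executed in nopasswd_paths,
        # True when a rule exists for the inner command but the shell wrapper hides it
        "wrapped_rule_miss": inner is not None
        and executed not in nopasswd_paths
        and basename(inner.split()[0]) in allowed_names,
    }


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(analyse(entry))
```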


