[sudo-users] Warning email when listing sudo perms
Todd C. Miller
Todd.Miller at courtesan.com
Wed Dec 2 14:24:48 MST 2015
On Wed, 02 Dec 2015 20:52:01 +0000, Paul Cantle wrote:
> I already have a root sudoRole (apologies, I referenced it as a
> "container" in my original email) and it was populated with some
> sudoAttributes, etc. I have cleared all sudo*attributes from it and
> restarted sssd.
>
> Now it looks like this
>
> sudoCommand = NULL
> sudoHost = NULL
> sudoNotAfter = NULL
> sudoNotBefore = NULL
> SudoOption = NULL
> sudoOrder = NULL
> sudoRunAs = NULL
> sudoRunAsGroup = NULL
> sudoRunAsUser = NULL
> sudoUser = NULL
>
> I executed a sudo -l (as root).
>
> I still got the warning mail and the following still appears in the debug log
>
> Dec 2 20:48:07 sudo[23093] sudo_sss_lookup(52)=0x62
I guess the sssd backend is a bit more clever about ignoring roles
with no command. I suppose you could make the sudoCommand something
innocuous like /usr/bin/true.
- todd
More information about the sudo-users
mailing list