[sudo-users] Conflict while a user is in two groups?

Paul Cantle paul at cantle.me
Tue Oct 4 11:25:25 MDT 2016


Hi,

Are you sure you have the rules in that order that you display below? i.e. %users first and then %wheel after it?

The man page suggests that the last rule will apply when multiple entries match:

When multiple entries match for a user, they are applied in order.
Where there are multiple matches, the last match is used (which is not necessarily the most specific match).

Rgds

Paul

On 04/10/2016, 18:14, "sudo-users on behalf of Bernard Fay" <sudo-users-bounces at sudo.ws on behalf of bernard.fay at gmail.com> wrote:

    Hi,
    
    Is it possible a conflict may happen if a user is in two groups:
    
    [root at FILESRV01 ~]# groups bern
    bern : Administrators users wheel
    
    In /etc/sudoers, I defined the following entries:
    %users  FILESRV01=(ALL) NOPASSWD:/bin/smbpasswd, /bin/ldappasswd
    %wheel  ALL=(ALL)       ALL
    
    There is a script that call /bin/smbpasswd and /bin/ldappasswd and I expect
    users will not have to enter their passwords to run those two commands.
    
    For users only in the group users it works fine but not for the users being
    in group users and wheel such a the shown user bern, it does not work.
    
    Does something can be done or I have to remove the users from group wheel?
    
    Thanks,
    Bernard
    ____________________________________________________________
    sudo-users mailing list <sudo-users at sudo.ws>
    For list information, options, or to unsubscribe, visit:
    https://www.sudo.ws/mailman/listinfo/sudo-users
    



More information about the sudo-users mailing list