[sudo-users] Conflict while a user is in two groups?

Paul Cantle paul at cantle.me
Tue Oct 4 11:25:25 MDT 2016


Are you sure you have the rules in that order that you display below? i.e. %users first and then %wheel after it?

The man page suggests that the last rule will apply when multiple entries match:

When multiple entries match for a user, they are applied in order.
Where there are multiple matches, the last match is used (which is not necessarily the most specific match).



On 04/10/2016, 18:14, "sudo-users on behalf of Bernard Fay" <sudo-users-bounces at sudo.ws on behalf of bernard.fay at gmail.com> wrote:

    Is it possible a conflict may happen if a user is in two groups:
    [root at FILESRV01 ~]# groups bern
    bern : Administrators users wheel
    In /etc/sudoers, I defined the following entries:
    %users  FILESRV01=(ALL) NOPASSWD:/bin/smbpasswd, /bin/ldappasswd
    %wheel  ALL=(ALL)       ALL
    There is a script that call /bin/smbpasswd and /bin/ldappasswd and I expect
    users will not have to enter their passwords to run those two commands.
    For users only in the group users it works fine but not for the users being
    in group users and wheel such a the shown user bern, it does not work.
    Does something can be done or I have to remove the users from group wheel?
    sudo-users mailing list <sudo-users at sudo.ws>
    For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list