[sudo-users] sudo -h, -U, and []

Michael W. Lucas mwlucas at michaelwlucas.com
Wed May 29 14:09:01 MDT 2019


Under certain conditions, I can get sudo -h to return the wrong
hostname. Not sure if this is a bug or a weird "working as designed,"
so I'm reporting it.

Testing a user's access on a new policy. Running as root.

User pete has this policy in sudoers, installed on a machine called

pete    dns[0-9]=ALL

# sudo -l -U pete -h dns1
User pete may run the following commands on dns1:
    (root) ALL

All good. If I get fancy with the brackets, though:

pete    dns[1,3,5,7,9]=ALL

# sudo -l -U pete -h dns1
User pete is not allowed to run sudo on freebsd.

I get the result for the local machine, "freebsd," and not "dns1."

I'm guessing that this is because fnmatch and glob choke on the
commas. Fine, I can't use them.

The odd bit is that sudo returns the wrong hostname. I would expect it
to return the same hostname I give in the command line?


Michael W. Lucas 	https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...

More information about the sudo-users mailing list