[sudo-users] sudo -h, -U, and []

Todd C. Miller Todd.Miller at sudo.ws
Wed May 29 15:28:46 MDT 2019


On Wed, 29 May 2019 16:09:01 -0400, "Michael W. Lucas" wrote:

> Under certain conditions, I can get sudo -h to return the wrong
> hostname. Not sure if this is a bug or a weird "working as designed,"
> so I'm reporting it.
>
> Testing a user's access on a new policy. Running as root.
>
> User pete has this policy in sudoers, installed on a machine called
> "freebsd."
>
> pete    dns[0-9]=ALL
>
> # sudo -l -U pete -h dns1
> User pete may run the following commands on dns1:
>     (root) ALL
>
> All good. If I get fancy with the brackets, though:
>
> pete    dns[1,3,5,7,9]=ALL
>
> # sudo -l -U pete -h dns1
> User pete is not allowed to run sudo on freebsd.
>
> I get the result for the local machine, "freebsd," and not "dns1."
>
> I'm guessing that this is because fnmatch and glob choke on the
> commas. Fine, I can't use them.
>
> The odd bit is that sudo returns the wrong hostname. I would expect it
> to return the same hostname I give in the command line?

Yes, you need to remove the commas.  The wrong host being printed
is a bug.  I've fixed it in:

    https://www.sudo.ws/repos/sudo/rev/8e6836ff952c

 - todd


More information about the sudo-users mailing list