[sudo-users] sudo 1.9.5p2 ignores NOPASSWD rules

Ralph Meier ralph.meier at merckgroup.com
Thu Jan 28 09:19:13 MST 2021 

sudo -ll

Matching Defaults entries for ralph on server1490:
    ignore_local_sudoers, listpw=never, syslog=auth, !env_reset, passprompt="%u password :", badpass_message="Wrong password :"

User ralph may run the following commands on server1490:

LDAP Role: os_viocheck_xxxde
    RunAsUsers: root
    Options: !authenticate
    Commands:
        ALL

Best Regards
Ralph

-----Ursprüngliche Nachricht-----
Von: Todd C. Miller <Todd.Miller at sudo.ws>
Gesendet: Donnerstag, 28. Januar 2021 17:06
An: Ralph Meier <ralph.meier at merckgroup.com>
Cc: sudo-users at sudo.ws
Betreff: Re: [sudo-users] sudo 1.9.5p2 ignores NOPASSWD rules

[WARNING – EXTERNAL EMAIL] Do not open links or attachments unless you recognize the sender of this email. If you are unsure please click the button "Report suspicious email"


On Thu, 28 Jan 2021 16:03:14 +0000, Ralph Meier wrote:

> sudo 1.9.5p2 generally works fine but ignores NOPASSWD rules (all
> rules store d in LDAP directory)
>
> A sample rule looks like this and works fine with the previously used
> sudo ve rsion 1.8.9.
>
> LDAP Role: os_check
>     RunAsUsers: root
>     Options: !authenticate
>     Commands:
>         ALL

What does the output of "sudo -ll" look like for the affected user?

 - todd


This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.



Click http://www.merckgroup.com/disclaimer to access the German, French, Spanish and Portuguese versions of this disclaimer.

More information about the sudo-users mailing list