[sudo-users] sudo 1.9.5p2 ignores NOPASSWD rules
Todd C. Miller
Todd.Miller at sudo.ws
Thu Jan 28 11:58:53 MST 2021
I haven't been able to reproduce this problem. This is what I see
using a test user:
$ sudo -k id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
$ sudo -l
Matching Defaults entries for testdude on xerxes:
ignore_local_sudoers, listpw=never, syslog=auth, !env_reset, passprompt="%u
password :", badpass_message="Wrong password :"
User testdude may run the following commands on xerxes:
(root) NOPASSWD: ALL
$ sudo -ll
Matching Defaults entries for testdude on xerxes:
ignore_local_sudoers, listpw=never, syslog=auth, !env_reset, passprompt="%u
password :", badpass_message="Wrong password :"
User testdude may run the following commands on xerxes:
LDAP Role: testdude
RunAsUsers: root
Options: !authenticate
Commands:
ALL
My LDIF looks like this:
# testdude, sudoers, sudo.ws
dn: cn=testdude,ou=sudoers,dc=sudo,dc=ws
objectClass: top
objectClass: sudoRole
cn: testdude
sudoUser: testdude
sudoRunAs: root
sudoHost: ALL
sudoCommand: ALL
sudoOption: !authenticate
# defaults, sudoers, sudo.ws
dn: cn=defaults,ou=sudoers,dc=sudo,dc=ws
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: ignore_local_sudoers
sudoOption: listpw=never
sudoOption: syslog=auth
sudoOption: !env_reset
sudoOption: passprompt="%u password :"
sudoOption: badpass_message="Wrong password :"
More information about the sudo-users
mailing list