[sudo-users] FYI: sudoers entries now don't work through symbolic links
John Little
john.b.little at gmail.com
Sun Jan 7 03:08:52 MST 2024
Hi all,
I haven't changed my sudoers set up for several years, but after release
upgrading to Ubuntu 23.10, sudo 1.9.14p2, a couple of entries stopped
working.
For example, in /etc/suders.d/btrfs I had
john ALL=(ALL) NOPASSWD:/bin/btrfs*
/bin on Ubuntu, and IIRC debian-derived distros, has always a symbolic
link to /usr/bin, or at least for over a decade. Changing the entry to
john ALL=(ALL) NOPASSWD:/usr/bin/btrfs*
and it works fine. sudoers(5) describes the FOLLOW tag, but it only
seems to apply to sudoedit. There's no other mention of symbolic links.
I had the impression that /bin is the canonical place for exceutables;
that's why we put /bin/bash in "shwbangs".
--
Regards, John Little
More information about the sudo-users
mailing list