[sudo-workers] Problem with matching group names with domain in sudoers
Todd C. Miller
Todd.Miller at courtesan.com
Thu Mar 30 16:54:30 MDT 2017
On Thu, 30 Mar 2017 10:42:03 -0400, Tomas Sykora wrote:
> When there is a rule containing a group with a domain in sudoers, e.g.
>
> %test_group at domain ALL=(ALL) NOPASSWD:ALL
>
> sudo tries to match strcasecmp("test_group", test_group at domain) in user_in_gr
> oup (pwutil.c),
That's what I would expect it to do. Unix groups don't really have
the concept of a domain so the @domain is treated literally. Sudo
AD groups (with a domain) but only with a group provider plugin.
Or is this group part of an NIS domain?
- todd
More information about the sudo-workers
mailing list