[sudo-workers] Problem with matching group names with domain in sudoers

Todd C. Miller Todd.Miller at courtesan.com
Thu Mar 30 16:54:30 MDT 2017

On Thu, 30 Mar 2017 10:42:03 -0400, Tomas Sykora wrote:

> When there is a rule containing a group with a domain in sudoers, e.g.
> %test_group at domain ALL=(ALL) NOPASSWD:ALL
> sudo tries to match strcasecmp("test_group", test_group at domain) in user_in_gr
> oup (pwutil.c),

That's what I would expect it to do.  Unix groups don't really have
the concept of a domain so the @domain is treated literally.  Sudo
AD groups (with a domain) but only with a group provider plugin.

Or is this group part of an NIS domain?

 - todd

More information about the sudo-workers mailing list