Re: /etc/sudoers precedence question

[MB <sparkynine@yahoo.com>]

Looks like I forgot to test my answer.  It does not seem that you can use localhost as a hostname in

omacneil localhost=NOPASSWD: /usr/cs/2002/omacneil/sbin/update

Try using ALL and things should work.  I use ALL in my sudo file and have not given it any other thought.  My machines are not NIS or other user/password sharing scheme.  I even tried my hostname in there and it did not work.  I am now interested in finding out what's up here.

Mark

Dan MacNeil wrote:

Are you running the "update" command using the full path?

/usr/cs/2002/omacneil/sbin/update
    

I am prompted for a password if I say:

sudo /usr/cs/2002/omacneil/sbin/update

	or if I say

sudo update

which update gives me

/usr/cs/2002/omacneil/sbin/update.

I am aware that the current sudo file allows sudo bash. The goal is audit
rather than control.

Thanks for the reply.


On Sat, 21 Feb 2004, MB wrote:

  

Dan,

Are you running the "update" command using the full path?

/usr/cs/2002/omacneil/sbin/update


Your sudo file allows running the above command only with no password.
Also you should note that a sudo file like this allows for you to get a
root shell via "sudo bash", which may or may not be what you want to allow.

Mark

Dan MacNeil wrote:

    

Given the sudoers file below omacneil (as a member of wheel) should be
able to do anything with a password and should be able to run "update"
with no password.

I can run everything but only with a password.

What am I missing?

reversing the order of %wheel & omacneil lines doesn't change things.


###########
# User privilege specification
root    ALL=(ALL) ALL
ken     ALL=(ALL) ALL

Defaults        !lecture, insults
%wheel  ALL=(ALL)       ALL
omacneil localhost=NOPASSWD: /usr/cs/2002/omacneil/sbin/update