
Re: sudo doesn't ask for passwd



hi

Ship's Log, Lt. D'jinnie, Stardate 051298.1329:
> 
> Ok, I suspect this comment is going to brand me as permanently clueless,
> but...debian has some thing where you can authorize your users to su
> without supplying a password.

that's for example secure-su which I used to have installed
Desired=Unknown/Install/Remove/Purge
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name            Version        Description
+++-===============-==============-============================================
rc  secure-su       980403-0.3     su with more security options

however /etc/suauth looks still ok:

# /etc/suauth - secure-su control file.  See suauth(5) for full documentation.

# Uncommenting this line will only allow members of group root to su to root.
root:ALL EXCEPT GROUP sudo:DENY
root:GROUP sudo:OWNPASS

it should still ask me for my own passwd

> Since sudo -s seems to be rather analogous
> to that, i.e. it runs a root shell for you, could this configuration
> somehow work for both su and sudo? What happens when you try to su?

As I skipped back to normal su (suspecting secure-su) it now asks me for the
root passwd as su is meant to be :)

But anyway, I cannot find anything weird going on

I did a su -c 'strace sudo -s' 2>sudo.trace

grep etc sudo.trace shows this:

open("/etc/ld.so.preload", O_RDONLY)    = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
read(3, "# /etc/nsswitch.conf\n#\n# Examp"..., 4096) = 406
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/etc/passwd", O_RDONLY)           = 3
open("/etc/shadow", O_RDONLY)           = 3
open("/etc/localtime", O_RDONLY)        = 3
open("/etc/resolv.conf", O_RDONLY)      = 3
open("/etc/hosts", O_RDONLY)            = 3
lstat("/etc/sudoers", {st_mode=S_IFREG|0440, st_size=302, ...}) = 0
lstat("/etc/sudoers", {st_mode=S_IFREG|0440, st_size=302, ...}) = 0
open("/etc/sudoers", O_RDONLY)          = 4
open("/etc/group", O_RDONLY)            = 5
open("/etc/group", O_RDONLY)            = 5
open("/etc/group", O_RDONLY)            = 4
open("/etc/passwd", O_RDONLY)           = 4
open("/etc/ld.so.preload", O_RDONLY)    = 4
open("/etc/ld.so.cache", O_RDONLY)      = 4
open("/etc/nsswitch.conf", O_RDONLY)    = 4
read(4, "# /etc/nsswitch.conf\n#\n# Examp"..., 4096) = 406
open("/etc/ld.so.cache", O_RDONLY)      = 4
open("/etc/passwd", O_RDONLY)           = 4
open("/etc/terminfo/s/screen", O_RDONLY) = 4
stat("/etc/inputrc", {st_mode=S_IFREG|0644, st_size=315, ...}) = 0
open("/etc/inputrc", O_RDONLY)          = 4
read(4, "# /etc/inputrc - global inputrc "..., 315) = 315


nothing bad as far as I can tell.

grep var sudo.trace shows (among other) this:

lstat("../../var", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
stat("/var", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
stat("/var/run", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
stat("/var/run/sudo", {st_mode=S_IFDIR|0700, st_size=1024, ...}) = 0
stat("/var/run/sudo/root", 0xbffff3c0)  = -1 ENOENT (No such file or directory)
utime("/var/run/sudo/root", NULL)       = -1 ENOENT (No such file or directory)
open("/var/run/sudo/root", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 4

timestamp does not exist and is therefore created ...
/me joins the clueless party and applies to be president ...


Greetings

-- 
Alexander N. Benner <*> Nikodemus@innocent.com <*> Ephesians 6:12
For we wrestle not against flesh and blood, but against
principalities, against powers, against the rulers of the
darkness of this world, against spiritual wickedness in high places.
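
Added example, not part of the original post: a small evaluator for the two /etc/suauth rules quoted above, following the to-id:from-id:ACTION format and first-match order documented in suauth(5). The user names and group memberships are constructed sample data, and `su_action` and `_matches` are hypothetical helper names.

```python
# Rules copied from the /etc/suauth quoted in the post.
SUAUTH = """\
# /etc/suauth - secure-su control file.
root:ALL EXCEPT GROUP sudo:DENY
root:GROUP sudo:OWNPASS
"""

# Constructed sample data: user name -> groups listed for it in /etc/group.
GROUPS = {"alex": {"sudo", "users"}, "guest": {"users"}}


def _matches(spec, user, groups, allow_group):
    """Match one to-id or from-id field against a user."""
    words = spec.split()
    if words == ["ALL"]:
        return True
    negate = words[:2] == ["ALL", "EXCEPT"]
    if negate:
        words = words[2:]
    # GROUP is only recognised in the from-id field.
    by_group = allow_group and words[:1] == ["GROUP"]
    if by_group:
        words = words[1:]
    names = {n for w in words for n in w.split(",") if n}
    hit = bool(names & groups) if by_group else user in names
    return hit != negate


def su_action(text, from_user, to_user, group_db):
    """Return the action of the first matching rule, or None when no rule
    matches (su then asks for the target account's password as usual)."""
    groups = group_db.get(from_user, set())
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[2] not in ("DENY", "NOPASS", "OWNPASS"):
            continue  # malformed line, skipped in this sketch
        to_id, from_id, action = fields
        if _matches(to_id, to_user, set(), False) and \
           _matches(from_id, from_user, groups, True):
            return action
    return None


if __name__ == "__main__":
    for who in ("alex", "guest"):
        print(who, "-> root:", su_action(SUAUTH, who, "root", GROUPS))
```

With these rules a member of group sudo gets OWNPASS (su asks for the caller's own password) and everyone else is denied, so rule order matters: the DENY line only excludes sudo members because of its ALL EXCEPT GROUP clause.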

