somewhat OT: sudo question
Tom H
tomh0665 at gmail.com
Fri Sep 10 14:23:58 UTC 2010
On Thu, Sep 9, 2010 at 10:44 PM, JD <jd1008 at gmail.com> wrote:
>
> On 09/09/2010 07:38 PM, Tom H wrote:
>> On Thu, Sep 9, 2010 at 9:59 PM, JD<jd1008 at gmail.com> wrote:
>>> I tried it and I confirm that sudo is broken if
>>> the NOPASSWD: is followed by a list of commands.
>>> sudo will only allow the user to sudo the specified
>>> commands without a password.
>>> All other commands are blocked.
>>>
>>> I think you should open a bug at bugzilla.redhat.com
>> sudo will only allow what you specify "/etc/sudoers". If you only
>> specify "rajan ALL=(ALL) NOPASSWD: HIBERNATE", rajan will only be able
>> to use sudo to run a command in the HIBERNATE command alias. If rajan
>> wants to use sudo to run other commands (with or without a password),
>> he needs to add "rajan ALL=(ALL) ALL" to "/etc/sudoers".
> Two entries to achieve that?
> That's lame!
You might find it lame but I'm used to a multi-user environment where
we don't give everyone the same privileges and where we use
User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias to grant privileges
and we use multiple lines in sudoers instead of having what might be a
restricted case like "rajan ALL=(ALL) NOPASSWD: HIBERNATE, PASSWD:
ALL".
More information about the users
mailing list