Sudo science

Oct. 4th, 2005 06:11 pm
sawyl: (Default)
[personal profile] sawyl
Following a massive rationalisation of our extremely crufty sudoers file, I uncovered the following nasty: the order of PASSWD and NOPASSWD matters if you're using the ALL macro. For example:

sawyl rushmore = NOPASSWD: /bin/kill, PASSWD: ALL

requires a password for all commands on host rushmore, even though it looks as though /bin/kill should work without one. If the PASSWD and NOPASSWD definitions are reordered, the problem goes away and everything works as expected.

Although I was pretty surprised by this at first, it actually makes good sense. It makes it possible to define a whole bunch of commands, maybe through a macro like ALL, with one type of authentication and then override the command definition by explicitly specifying a different type of behaviour in the user and host definition.

  • Current Music: Roisin Murphy - Dear Diary
Tags:
  • Add Memory
  • Share This Entry
This account has disabled anonymous posting.
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting
 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

sawyl: (Default)
sawyl

August 2018

S M T W T F S
   123 4
5 6 7 8910 11
12131415161718
192021222324 25
262728293031 

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 5th, 2026 05:57 am
Powered by Dreamwidth Studios