Bug 118

Summary: Users getting incorrect error message when entering command.
Product: Sudo
Reporter: Tony Woloszynek <woloszyn>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: normal
Priority: low
Version: 1.6.3
Hardware: IBM
OS: AIX

Description Tony Woloszynek 2003-07-08 11:11:05 MDT
I'm running AIX 4.3.3 maint level 7. Sudo version 1.6.3p6.

I've got a list of commands authorized for certain members of a Unix group
in /etc/sudoers.

When a user issues a command the group doesn't have authority to issue, he gets
the error message:

'user' is not allowed to run sudo on nv6kas.  This incident will be
reported.

Instead of:
Sorry, user 'user' is not allowed to execute 'command' as root on nv6kas.

The user can issue sudo -l and issue commands detailed to that group in
the /etc/sudoers file, but when they mistype a command, or 'issue' a command
they don't have, they think they've lost all access.


An example would be I have the line
%aplssupt    ALL = /usr/bin/crontab -l

When a member of the group aplssupt issues sudo crontab -l, they are prompted
for the password and get the output from the command. Were they to issue sudo
crontab -e, they are told they are not allowed to use sudo on this host.

Comment 1 Tony Woloszynek 2003-07-08 11:24:46 MDT
I've found that this only happens when the user is a member of two groups.

In /etc/sudoers the two groups have commands set up like so.

%group1    ALL = command1,command2,command3

%group2    hostname1 = command

Only the people in group one that are also members of group two get the
odd error. The host on which the commands that generate the odd error messages
are being issued is not hostname1.

Comment 2 Tony Woloszynek 2003-07-08 11:29:45 MDT
Also, group1 is their primary Unix group membership.

Comment 3 Todd C. Miller 2004-01-09 01:46:12 MST
I'm fairly certain this is fixed in the current release of sudo.
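
The behaviour the reporter expects in the two-group case, as an added example that is not part of the original report and is not sudo's own code: a simplified model in which an entry written for a different host never influences which denial message is chosen. The user name, command paths and the `parse_rules`/`check` helpers are assumptions made for illustration; only the two message texts and the rule layout come from the report.

```python
import re

# Constructed sudoers fragment shaped like the entries quoted in Comment 1.
SUDOERS = """\
%group1    ALL = /usr/bin/crontab -l, /usr/bin/lsuser
%group2    hostname1 = /usr/sbin/mount
"""

RULE = re.compile(r"^%(\S+)\s+(\S+)\s*=\s*(.+)$")

def parse_rules(text):
    """Return (group, host, [commands]) for each %group line (simplified grammar)."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            cmds = [c.strip() for c in m.group(3).split(",")]
            rules.append((m.group(1), m.group(2), cmds))
    return rules

def check(user, groups, host, command, rules):
    """Return None if allowed, otherwise the denial message the reporter expects."""
    host_matched = False
    for group, rule_host, cmds in rules:
        if group not in groups:
            continue
        if rule_host not in ("ALL", host):
            continue  # entry is for another host; it must not affect the result
        host_matched = True
        if command in cmds:
            return None
    if host_matched:
        # The user has some rights on this host, just not for this command.
        return (f"Sorry, user {user} is not allowed to execute "
                f"'{command}' as root on {host}.")
    return (f"{user} is not allowed to run sudo on {host}.  "
            "This incident will be reported.")

if __name__ == "__main__":
    rules = parse_rules(SUDOERS)
    for cmd in ("/usr/bin/crontab -l", "/usr/bin/crontab -e"):
        print(cmd, "->", check("alice", {"group1", "group2"}, "nv6kas", cmd, rules))
```

The model compares already-resolved command strings and ignores aliases, Runas specifications and tags, so it only illustrates the message selection, not sudo's full matching.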