Bug 123

Summary: no passwd request if run sudo via script
Product: Sudo Reporter: lkm380z <lkm380z>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID    
Severity: security CC: lkm380z
Priority: normal    
Version: 1.6.6   
Hardware: Other   
OS: Linux   

Description lkm380z 2003-10-19 18:02:49 MDT 
i was visudo as root and add

lkm380z ALL=/sbin/shutdown

it request passwd when i type:

$sudo -u root /sbin/shutdown -h now

but not request when i run via a script (let call it's ssdown)

i create the ssdown as:

$touch ssdown
$chmod 0700 ssdown
$vi ssdown
----> what i type in vi
#!/bin/sh
sudo -u root /sbin/sudo

it's work without passwd, please help, i think it's bug, and i was try with 
FreeBSD-4.8, hehe, also allow me to shutdown without passwd.

i'm newbie (9mths linux, 2weeks freebsd), please forgive me if i submit 
something wrong.

thanks!
Comment 1 lkm380z 2003-10-19 18:04:49 MDT 
sorry!

#!/bin/sh
sudo -u root /sbin/shutdown -h now

sorry for the wrong typing...
Comment 2 lkm380z 2003-10-21 01:19:19 MDT 
hi!
i shutdown the pc... restart the pc... now sudo do ask my passwd as what it 
should, i think it might be some "memory cache"?
sorry... false alarm...
Comment 3 Todd C. Miller 2004-01-09 01:33:40 MST 
Sudo keeps a timestamp of the last time you authenticated and doesn't prompt for 
a password if you've successfully authenticated within the last N minutes where 
N is 5 by default.  This is configurable via the timestamp_timeout Defaults 
option in sudoers.  See the sudoers man page for details.