Bug 395

Summary: Policies that are working on Sudo 1.6.8 are set but not working on 1.6.9
Product: Sudo Reporter: SebastianC <scaballaro>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.6.9   
Hardware: All   
OS: Linux   

Description SebastianC 2010-03-01 12:56:18 MST 
I a policy defined and working fine on sudo 1.6.8, I am using the official RPM from Red Hat sudo-1.6.8p12-10

The line looks like this:

myuser ALL = /home/anotheruser/scripts/mycommand.pl [A-z]*

If I go to the user:

[myuser@server ~]$ sudo -l
User myuser may run the following commands on this host:
    (root) /home/anotheruser/scripts/mycommand.pl [A-z]*

The command runs fine when I type: sudo /home/anotheruser/scripts/mycommand.pl test

If I update to 1.6.9, also original RPM from Red Hat sudo-1.6.9p17-6 this rule stops working. sudo -l command still shows it as an available command but I get this:

[myuser@server ~]$ sudo /home/anotheruser/scripts/mycommand.pl test
Sorry, user scaballaro is not allowed to execute '/home/anotheruser/scripts/mycommand.pl test' as root on server.
Comment 1 SebastianC 2010-03-01 13:16:39 MST 
(In reply to comment #0)
> I a policy defined and working fine on sudo 1.6.8, I am using the
> official RPM from Red Hat sudo-1.6.8p12-10
> The line looks like this:
> myuser ALL = /home/anotheruser/scripts/mycommand.pl [A-z]*
> If I go to the user:
> [myuser@server ~]$ sudo -l
> User myuser may run the following commands on this host:
>     (root) /home/anotheruser/scripts/mycommand.pl [A-z]*
> The command runs fine when I type: sudo
> /home/anotheruser/scripts/mycommand.pl test
> If I update to 1.6.9, also original RPM from Red Hat sudo-1.6.9p17-6
> this rule stops working. sudo -l command still shows it as an available
> command but I get this:
> [myuser@server ~]$ sudo /home/anotheruser/scripts/mycommand.pl test
> Sorry, user scaballaro is not allowed to execute
> '/home/anotheruser/scripts/mycommand.pl test' as root on server.

Just as an update, this seems to be corrected in the latest stable version (1.7.2p5)
Comment 2 Todd C. Miller 2010-05-07 13:40:14 MDT 
I'm going to mark this as fixed but note that [A-z] is not a valid character range in UTF8 locales, which is probably what was causing you problems.  You should use [A-Za-z] instead.  Later versions of sudo parse the sudoers file in the C locale unless otherwise specified.