Bugzilla – Full Text Bug Listing

| Field | Value |
|---|---|
| Summary | sudo -l doesn't work properly when sudoers is set from LDAP |
| Product | Sudo |
| Component | Sudo |
| Reporter | Giampiero <giampiero> |
| Assignee | Todd C. Miller <Todd.Miller> |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | low |
| Version | 1.7.3 |
| Hardware | IBM |
| OS | Linux |
| Attachments | output of sudo -l with sudoers_debug=2; Patch to fix display function return value on error |
I don't see an obvious bug in there. Can you see if "sudo -ll" has the same problem?

(In reply to comment #1)
> I don't see an obvious bug in there. Can you see if "sudo -ll" has the same
> problem?

    gentoo@athena ~ $ sudo -l
    Runas and Command-specific defaults for gentoo:
    gentoo@athena ~ $ sudo -ll
    Runas and Command-specific defaults for gentoo:

nothing appears ... while with sudo 1.7.2_p7:

    gentoo@athena ~ $ sudo -l
    Runas and Command-specific defaults for gentoo:
    ignore_local_sudoers
    User gentoo may run the following commands on this host:
    (ALL) NOPASSWD: ALL
    gentoo@athena ~ $ sudo -ll
    Runas and Command-specific defaults for gentoo:
    ignore_local_sudoers
    User gentoo may run the following commands on this host:
    LDAP Role: full_admin
    RunAsUsers: ALL
    Options: !authenticate
    Commands: ALL

Bye
Giampiero

Created attachment 291
Patch to fix display function return value on error

Can you try the attached list.patch and see if it changes things?
(In reply to comment #3)
> Created attachment 291
> Patch to fix display function return value on error
>
> Can you try the attached list.patch and see if it changes things?

Hi, it seems to solve the problem:

    gentoo@athena ~/src/sudo-1.7.3 $ /usr/local/bin/sudo -l
    Matching Defaults entries for gentoo on this host:
    ignore_local_sudoers
    User gentoo may run the following commands on this host:
    (ALL) NOPASSWD: ALL
    gentoo@athena ~/src/sudo-1.7.3 $ /usr/local/bin/sudo -ll
    Matching Defaults entries for gentoo on this host:
    ignore_local_sudoers
    User gentoo may run the following commands on this host:
    LDAP Role: full_admin
    RunAsUsers: ALL
    Options: !authenticate
    Commands: ALL

    athena sudo-1.7.3 # /usr/local/bin/sudo -l
    Matching Defaults entries for root on this host:
    ignore_local_sudoers
    User root may run the following commands on this host:
    (ALL) ALL
    (ALL) NOPASSWD: ALL
    athena sudo-1.7.3 # /usr/local/bin/sudo -ll
    Matching Defaults entries for root on this host:
    ignore_local_sudoers
    User root may run the following commands on this host:
    LDAP Role: root
    RunAsUsers: ALL
    Commands: ALL
    LDAP Role: full_admin
    RunAsUsers: ALL
    Options: !authenticate
    Commands: ALL

thanks!
Giampiero

Hi, will the patch be included in the next release?

regards
Giampiero

The fix is present in sudo 1.7.4p4, which is out now.
Created attachment 290
output of sudo -l with sudoers_debug=2

Hi all,

after having configured sudo to retrieve sudoers from LDAP, the command "sudo -l" for version 1.7.3 doesn't show the proper defaults & commands.

If I give the command as root:

    athena ~ # sudo -l
    Runas and Command-specific defaults for root:
    User root may run the following commands on this host:
    (ALL) ALL
    (ALL) NOPASSWD: ALL

The output doesn't show the defaults.

The same command for any other user:

    gentoo@athena ~ $ sudo -l
    Runas and Command-specific defaults for gentoo:

The output doesn't show anything.

Attached is also the output of the same commands with sudoers_debug=2, which shows that the command correctly matches the results from the LDAP queries without showing the results.

If I switch back to version 1.7.2 (same nss and ldap.conf config) everything works properly.

    athena ~ # sudo -l
    Runas and Command-specific defaults for root:
    ignore_local_sudoers
    User root may run the following commands on this host:
    (ALL) ALL
    (ALL) NOPASSWD: ALL

    gentoo@athena ~ $ sudo -l
    Runas and Command-specific defaults for gentoo:
    ignore_local_sudoers
    User gentoo may run the following commands on this host:
    (ALL) NOPASSWD: ALL

Best regards
Giampiero