Bugzilla – Bug 118
Users getting incorrect error message when entering command.
Last modified: 2004-01-09 05:46:12 MST
I'm running AIX 4.3.3 maint level 7. Sudo version 1.6.3p6 I've got a list of commands authorized for certain members of a unix group in /etc/sudoers. When a user issues a command the group doesn't have authority to issue he gets the error message: 'user' is not allowed to run sudo on nv6kas. This incident will be reported. Instead of: Sorry, user 'user' is not allowed to execute 'command' as root on nv6kas. The user can issue sudo -l and issue commands detailed to that group in the /etc/sudoers file but when they mistype a command, or 'issue' a command they don't have they think they've lost all access. An example would be I have the line %aplssupt ALL = /usr/bin/crontab -l When a member of the group aplssupt issues: sudo crontab -l they are prompted for the password and get the output from the command. Were they to issue sudo crontab -e they are told they are not allowed to use sudo on this host.
I've found that this only happens when the user is a member of two groups. In /etc/sudoers the two groups have commands set up like so. %group1 ALL = command1,command2,command3 %group2 hostname1 = command Only the people in group one that are also members of group two also get the odd error. The host that the commands that generate the odd error messages are being issued on is not hostname1.
Also, group1 is their primary unix group membership.
I'm fairly certain this is fixed in the current release of sudo.