Bug 183 - Allow root to list authorizations for users (For Audit Compliance)
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Configure
Version: 1.6.8
Hardware: Other All
Importance: normal enhancement
Assigned To: Todd C. Miller
Reported: 2005-06-06 13:12 MDT by Richard Ross
Modified: 2005-06-06 17:18 MDT (History)
Description Richard Ross 2005-06-06 13:12:01 MDT
We have an audit requirement (Sarbanes Oxley) to revalidate userid
authorizations within the sudoers file.  I would like a simple way of
performing this within sudo by issuing a 'sudo -u userid -l'.  Unfortunately,
this returns the authorizations for the user that ran the command (root in my
case).  If I change the command to 'sudo -u userid sudo -l' then each person
would need to be authorized w/NOPASSWD: for 'sudo -l'.  I would like the ability
to authorize a particular userid or group via:

root ALL = (ALL) NOPASSWD: /usr/local/bin/sudo -u * -l

so that a simple script can be written to list each user's authorizations.  In
this day of Sarbanes Oxley, this functionality is getting more important.

Thank You
Richard Ross
Comment 1 Todd C. Miller 2005-06-06 13:18:48 MDT
sudo 1.7 will allow root to list other users
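
The audit script the report asks for, as an added example that is not part of the original bug thread or of the sudo project's code. It assumes sudo 1.7 or later, where root can run `sudo -l -U <user>` to list another user's privileges (the `-U` option is not named on this page); the function names and the `SUDO_BIN` and `MIN_UID` variables are hypothetical.

```shell
#!/bin/sh
# Added example: per-user sudo authorization report for audit revalidation.
# Assumption: sudo >= 1.7, run as root, so `sudo -l -U <user>` lists that
# user's privileges rather than those of the invoking user.

SUDO_BIN="${SUDO_BIN:-sudo}"   # hypothetical override for the sudo binary
MIN_UID="${MIN_UID:-0}"        # hypothetical filter, e.g. 1000 to skip system accounts

# list_users FILE: print login names from a passwd-format file.
# Comment lines, blank lines and malformed records are skipped, and names are
# restricted to a safe character set so they can be passed on as arguments.
list_users() {
    awk -F: -v min="$MIN_UID" '
        /^[ \t]*(#|$)/ { next }
        NF >= 7 && $1 ~ /^[A-Za-z_][A-Za-z0-9_.-]*$/ &&
            $3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 { print $1 }
    ' "$1"
}

# audit_sudo FILE: write one report section per user to stdout.
# Returns 1 if the listing failed for any user, so an incomplete report is
# not mistaken for a clean one.
audit_sudo() {
    failed=0
    for user in $(list_users "$1"); do
        printf '=== %s ===\n' "$user"
        if ! "$SUDO_BIN" -l -U "$user" 2>&1; then
            printf 'ERROR: could not list privileges for %s\n' "$user"
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Typical use as root (getent also covers NIS/LDAP accounts):
#   getent passwd > /root/audit-users.txt
#   audit_sudo /root/audit-users.txt > "/root/sudo-audit-$(date +%Y%m%d).txt"
```

Keeping the dated reports lets successive audits be compared with `diff` to show which authorizations changed between reviews.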