Bug 589 - 'sudo -l' output is misleading wrt NOPASSWD tag
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.3
Hardware: PC Linux
Importance: low enhancement
Assigned To: Todd C. Miller
Reported: 2013-02-18 17:52 MST by mweetman
Modified: 2013-06-16 05:18 MDT
Description mweetman 2013-02-18 17:52:24 MST
The output from 'sudo -l' and 'sudo -ll' doesn't show the NOPASSWD tag for subsequent commands (aliases) defined in the same user rule, but lists them separately which makes it look like NOPASSWD is not applied.


Steps to reproduce:
# useradd testuser

# grep -e ^Cmnd_Alias.*SOFTWARE /etc/sudoers
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

# grep -e ^Cmnd_Alias.*DRIVERS /etc/sudoers
Cmnd_Alias DRIVERS = /sbin/modprobe

# grep -e ^testuser /etc/sudoers
testuser ALL=(ALL) NOPASSWD: SOFTWARE, DRIVERS

# sudo -U testuser -l
Matching Defaults entries for testuser on this host:
    requiretty, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
    KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
    LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
    LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
    LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
    XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User testuser may run the following commands on this host:
    (ALL) NOPASSWD: /bin/rpm, /usr/bin/up2date, /usr/bin/yum, (ALL)
    /sbin/modprobe

# sudo -U testuser -ll
Matching Defaults entries for testuser on this host:
    requiretty, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
    KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
    LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
    LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
    LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
    XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User testuser may run the following commands on this host:

Sudoers entry:
    RunAsUsers: ALL
    Commands:
	NOPASSWD: /bin/rpm, /usr/bin/up2date, /usr/bin/yum
    RunAsUsers: ALL
    Commands:
	/sbin/modprobe

# lsmod | grep joy
joydev                 17458  0

# su - testuser
$ sudo /sbin/modprobe -r joydev
$ lsmod | grep joy
$
Comment 1 Todd C. Miller 2013-02-19 16:30:55 MST
Thanks, I've made changes to the list output to avoid printing the runas list when it has not changed and to reprint the tags if the runas list does change.  That should make things a bit more readable.
Comment 2 Todd C. Miller 2013-06-16 05:18:09 MDT
Fixed in sudo 1.8.7
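
Added example (not part of the bug report and not sudo's own code): a simplified sudoers reader that applies the tag inheritance shown in the report's reproduction, so an audit lists every command with its effective password requirement instead of relying on how 'sudo -l' groups them. It handles only the NOPASSWD/PASSWD tags and comma-separated entries without embedded commas; the function names are hypothetical.

```python
import re

# Constructed sample input: the three sudoers lines quoted in the report.
SUDOERS = """\
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
Cmnd_Alias DRIVERS = /sbin/modprobe
testuser ALL=(ALL) NOPASSWD: SOFTWARE, DRIVERS
"""

TAG_RE = re.compile(r"^(NOPASSWD|PASSWD):\s*")
RUNAS_RE = re.compile(r"^\(([^)]*)\)\s*")

def parse_aliases(text):
    """Map each Cmnd_Alias name to its list of commands."""
    aliases = {}
    for line in text.splitlines():
        m = re.match(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    return aliases

def effective_rules(text, user):
    """Return [(runas, command, needs_password)] for every rule of `user`."""
    aliases = parse_aliases(text)
    out = []
    for line in text.splitlines():
        m = re.match(rf"^{re.escape(user)}\s+[^\s=]+\s*=\s*(.+)$", line)
        if not m:
            continue
        runas, nopasswd = "root", False  # defaults at the start of each rule
        for item in m.group(1).split(","):
            item = item.strip()
            r = RUNAS_RE.match(item)
            if r:  # a new runas list does NOT reset the tag
                runas, item = r.group(1), item[r.end():]
            while (t := TAG_RE.match(item)):  # a tag stays set until the opposite tag
                nopasswd, item = t.group(1) == "NOPASSWD", item[t.end():]
            for cmd in aliases.get(item, [item]):  # expand Cmnd_Alias names
                out.append((runas, cmd, not nopasswd))
    return out

if __name__ == "__main__":
    for runas, cmd, needs_pw in effective_rules(SUDOERS, "testuser"):
        print(f"({runas}) {'PASSWD' if needs_pw else 'NOPASSWD'}: {cmd}")
```
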