Bug 757 – Short hostnames no longer work in sudoers file with fqdn true

Bug 757 - Short hostnames no longer work in sudoers file with fqdn true


Summary:	Short hostnames no longer work in sudoers file with fqdn true

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudoers
Version:	1.8.17
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-09-09 15:32 MDT by waoki
Modified:	2016-09-20 15:16 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description waoki 2016-09-09 15:32:36 MDT

Sometime between 1.8.10 and 1.8.15, short hostnames stopped working in the sudoers file when the 'fqdn' option is true (as it is by default). The documentation indicates that the short form should still work with the fqdn option set.

Someone else reported this to Ubuntu as bug #1591137, https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1591137

Steps to reproduce:

On a system called 'foobar.example.com', put the following into sudoers:

test foobar=(root) /bin/true
test foobar.umnh.utah.edu=(root) /bin/false

Expected outcome:

sudo -l shows user 'test' is allowed to run:

    (root) /bin/true
    (root) /bin/false

Actual outcome:

sudo -l shows user 'test' is allowed to run:

    (root) /bin/false

sudo -l -U test -h foobar shows user 'test' is allowed to run:

    (root) /bin/false

sudo -l -U test -h foobar.example.com shows user 'test' is allowed to run:

    (root) /bin/true
    (root) /bin/false

Comment 1 waoki 2016-09-09 15:33:22 MDT

Correction to test case: sudoers should be

test foobar=(root) /bin/true
test foobar.example.com=(root) /bin/true

Comment 2 Todd C. Miller 2016-09-09 16:28:21 MDT

Fixed by https://www.sudo.ws/repos/sudo/rev/605c03afc80f

Comment 3 Todd C. Miller 2016-09-20 15:16:10 MDT

Fixed in sudo 1.8.18