Bug 810 - Defaults for Cmnd_Alias not associated with a User_Alias cannot be translated into LDAP
Status: NEW
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.21
Hardware: All Other
Importance: low enhancement
Assigned To: Todd C. Miller
Reported: 2017-12-06 16:21 MST by Daniele Palumbo
Modified: 2017-12-20 16:45 MST

Description Daniele Palumbo 2017-12-06 16:21:04 MST
Currently it is not possible to translate the following into LDAP:

https://www.sudo.ws/man/1.8.21/sudoers.man.html#EXAMPLES
"Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
Defaults!PAGERS noexec"

According to Todd, this limitation exists because that sudoRole will never match a query, since there is no sudoUser in it.

The current limitation is that there is no way to specify per-command options in
sudoers LDAP.  The options are either global or specific to a given
sudoRole.

In order to have full capability of Sudo over LDAP, this limitation should be removed.
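
An added example, not part of the original report and not sudo's own code: a pre-migration check that lists the command-bound Defaults entries in a sudoers file, which according to this report have no sudoers LDAP equivalent. The sample input is constructed around the PAGERS lines quoted above; the function names and the simplified parsing (one alias per Cmnd_Alias line, no include handling) are assumptions.

```python
import re

# Constructed sample sudoers text; the PAGERS lines follow the example in the report.
SAMPLE = """\
Defaults env_reset
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, \\
                    /usr/bin/less
Defaults!PAGERS noexec
Defaults!/usr/bin/vi noexec
%wheel ALL = (ALL) ALL
"""

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comment lines."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def command_bound_defaults(text):
    """Return Defaults!<Cmnd_List> entries with their aliases expanded.

    Simplified parser (assumption): one alias per Cmnd_Alias line, and a
    comma-separated Cmnd_List whose items end with ',' except the last.
    """
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = re.match(r"Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = []
    for line in lines:
        if not line.startswith("Defaults!"):
            continue  # global, host, user and runas Defaults are out of scope
        tokens = line[len("Defaults!"):].split()
        n = 1
        while n < len(tokens) and tokens[n - 1].endswith(","):
            n += 1  # keep consuming list items until one lacks a trailing comma
        names = [t.rstrip(",") for t in tokens[:n]]
        commands = [c for name in names for c in aliases.get(name, [name])]
        findings.append({"binding": names, "commands": commands,
                         "options": " ".join(tokens[n:])})
    return findings

if __name__ == "__main__":
    for f in command_bound_defaults(SAMPLE):
        print("no LDAP equivalent:", f["options"], "for", ", ".join(f["commands"]))
```

Each entry it reports is a per-command setting, such as noexec on the pagers, that needs another plan before the rules move to LDAP.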