sudo selectively execute file, * wildcard on dir set with "(ALL)NOPASSWD:".
on 05.01.2010 10:08:37 by kent ho
Hi All,
I'm experiencing a problem with sudo.
sudo selectively execute file in a directory, * wildcard on dir set with "(ALL) NOPASSWD:".
I created a script called "script1.sh" in a directory. When I execute this script with sudo, it ask me for password which not suppose to happen. I break out with ctrl+c.
I then copy script1.sh to a new file in the same directory as "script2.sh".
Now I execute "script1.sh" again with sudo, now it will execute.
There is no change on script1.sh, All I done is created a new file in the directory. But now sudo do not ask me password any more.
At this point I can execute both scripts with sudo with no password. Which is normal.
Now I delete "script2.sh". Now the directory has only 1 file again "script1.sh". I execute script1.sh now it will ask me for password again.
All executable file should be executable regardless, I don't know why this is happening. Number of files in directory affects sudo?
Version-Release number of selected component (if applicable):
[mdrop@c-in3sf--02-04 bin]$ rpm -qa | grep sudo
sudo-1.6.9p17-5.el5
How reproducible:
Everytime.
Steps to Reproduce:
Here is the command sequence from the terminal:
=========================================================
[mdrop@c-in3sf--02-04 bin]$ pwd
/usr/local/site/operations/dsh/bin
[mdrop@c-in3sf--02-04 bin]$ sudo -l | grep dsh
  (ALL) NOPASSWD: /usr/local/site/mailscripts/spf/bin/*,
/usr/local/site/mailscripts/ws/bin/*, /usr/local/site/operations/dsh/bin/*,
/usr/local/site/operations/bin/*
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 0
[mdrop@c-in3sf--02-04 bin]$ echo "echo test123"> script1.sh ; chmod +x script1.sh
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 4
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh
Password:
[mdrop@c-in3sf--02-04 bin]$ cp script1.sh script2.sh
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 8
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script2.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh
test123
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script2.sh
test123
[mdrop@c-in3sf--02-04 bin]$ rm script2.sh
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 4
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh
Password:
[mdrop@c-in3sf--02-04 bin]$
=========================================================
Actual results:
$ sudo /usr/local/site/operations/dsh/bin/script1.sh
Password:
Expected results:
$ sudo /usr/local/site/operations/dsh/bin/script1.sh
test123
What could have caused this?
Any help is highly appreciated.
Thanks.
Garlum.
To unsubscribe from this list: send the line "unsubscribe linux-apps" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: sudo selectively execute file, * wildcard on dir set with "(ALL) NOPASSWD:".
on 05.01.2010 17:08:05 by Aaron
On 2010-01-05 at 17:08:37 +0800, Kent Ho wrote:
> I then copy script1.sh to a new file in the same directory as "script2.sh".
> Now I execute "script1.sh" again with sudo, now it will execute.
Read the docs.
From the sudo man page:
-k The -k (kill) option to sudo invalidates the user's timestamp
by setting the time on it to the Epoch. The next time sudo is run a
password will be required. This option does not require a password and
was added to allow a user to revoke sudo permissions from a .logout file.
-A
RE: sudo selectively execute file, * wildcard on dir set with "(ALL) NOPASSWD:".
on 11.01.2010 10:41:56 by kent ho
Removing * after / fixed the problem.
Thanks Dany.
________________________________
> Date: Tue, 5 Jan 2010 12:10:34 +0200
> From: danyd@direkt.ro
> To: garlumh@hotmail.com
> Subject: Re: sudo selectively execute file, * wildcard on dir set with "(ALL) NOPASSWD:".
>
> On 05.01.2010 11:08, Kent Ho wrote:
>
> Hi All,
>
> I'm experiencing a problem with sudo.
>
> sudo selectively execute file in a directory, * wildcard on dir set with "(ALL) NOPASSWD:".
>
> I created a script called "script1.sh" in a directory. When I execute this script with sudo, it ask me for password which not suppose to happen. I break out with ctrl+c.
>
> I then copy script1.sh to a new file in the same directory as "script2.sh".
> Now I execute "script1.sh" again with sudo, now it will execute.
>
> There is no change on script1.sh, All I done is created a new file in the directory. But now sudo do not ask me password any more.
>
> At this point I can execute both scripts with sudo with no password. Which is normal.
>
> Now I delete "script2.sh". Now the directory has only 1 file again "script1.sh". I execute script1.sh now it will ask me for password again.
>
> All executable file should be executable regardless, I don't know why this is happening. Number of files in directory affects sudo?
>
>
> Version-Release number of selected component (if applicable):
> [mdrop@c-in3sf--02-04 bin]$ rpm -qa | grep sudo
> sudo-1.6.9p17-5.el5
>
> How reproducible:
> Everytime.
>
> Steps to Reproduce:
> Here is the command sequence from the terminal:
> =========================================================
> [mdrop@c-in3sf--02-04 bin]$ pwd
> /usr/local/site/operations/dsh/bin
> [mdrop@c-in3sf--02-04 bin]$ sudo -l | grep dsh
> (ALL) NOPASSWD: /usr/local/site/mailscripts/spf/bin/*,
> /usr/local/site/mailscripts/ws/bin/*, /usr/local/site/operations/dsh/bin/,
>
> try this with no * after /
>
> /usr/local/site/operations/bin/*
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 0
> [mdrop@c-in3sf--02-04 bin]$ echo "echo test123"> script1.sh ; chmod +x script1.sh
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 4
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh
> Password:
> [mdrop@c-in3sf--02-04 bin]$ cp script1.sh script2.sh
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 8
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script2.sh
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh
> test123
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script2.sh
> test123
> [mdrop@c-in3sf--02-04 bin]$ rm script2.sh
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 4
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh
> Password:
> [mdrop@c-in3sf--02-04 bin]$
> =========================================================
>
> Actual results:
> $ sudo /usr/local/site/operations/dsh/bin/script1.sh
> Password:
>
> Expected results:
> $ sudo /usr/local/site/operations/dsh/bin/script1.sh
> test123
>
> What could have caused this?
>
> Any help is highly appreciated.
>
> Thanks.
>
> Garlum.
>
> read up in your content...
>
> hope will work...
>
>
>
> Regards,
>
> Dany
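Both forms of the entry discussed in this thread, `/usr/local/site/operations/dsh/bin/*` and the `/usr/local/site/operations/dsh/bin/` that replaced it, cover every file in that directory, and the `ls -l` output shows the files there owned by mdrop. The audit below is an added example, not part of the thread: it classifies each command spec of a NOPASSWD rule as printed by `sudo -l` and checks who can write to the directory behind it. The function names and the one-rule-per-line input are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit NOPASSWD command specs from `sudo -l`.
# Assumes one rule per line whose only tag is NOPASSWD.

# Constructed sample: the rule shown in the thread, joined onto one line.
SAMPLE_RULE='(ALL) NOPASSWD: /usr/local/site/mailscripts/spf/bin/*, /usr/local/site/mailscripts/ws/bin/*, /usr/local/site/operations/dsh/bin/*, /usr/local/site/operations/bin/*'

# classify_spec PATH -> wildcard | directory | exact
# "wildcard" and "directory" specs cover many files, "exact" covers one program.
classify_spec() {
  case "$1" in
    *\**|*\?*|*\[*) echo wildcard ;;
    */)             echo directory ;;
    *)              echo exact ;;
  esac
}

# spec_dir PATH -> the directory the spec takes its commands from
spec_dir() {
  local d=${1%/*}
  printf '%s\n' "${d:-/}"
}

# dir_status DIR -> missing | review | root-only
# "review": not owned by root, or writable by group or others.
dir_status() {
  [ -d "$1" ] || { echo missing; return; }
  if [ -n "$(find "$1" -maxdepth 0 \( ! -user root -o -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
    echo review
  else
    echo root-only
  fi
}

# audit_rule LINE -> one "KIND SPEC DIR_STATUS" row per command spec;
# prints nothing for rules that are not NOPASSWD.
audit_rule() {
  case "$1" in *NOPASSWD:*) ;; *) return 0 ;; esac
  printf '%s\n' "${1#*NOPASSWD:}" | tr ',' '\n' |
  while read -r spec _args; do   # first word is the path; arguments are ignored
    [ -n "$spec" ] || continue
    printf '%s %s %s\n' "$(classify_spec "$spec")" "$spec" "$(dir_status "$(spec_dir "$spec")")"
  done
}

audit_rule "$SAMPLE_RULE"
```

Rows reported as `wildcard` or `directory` with status `review` are the ones to replace with exact paths to root-owned programs.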