Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

WWWXXXAPC, docmd.close 2585, WWWXXXDOCO, nu vot, dhcpd lease file "binding state", WWWXXXDOCO, how to setup procmail to process html2text, how to setup procmail html2text, WWWXXXAPC., XXXCNZZZ

Links

XODOX
Impressum

#1: sudo selectively execute file, * wildcard on dir set with "(ALL)NOPASSWD:".

Posted on 2010-01-05 10:08:37 by kent ho

Hi All,

I'm experiencing a problem with sudo.

sudo selectively execute file in a directory, * wildcard on dir set wit=
h "(ALL)
NOPASSWD:".

I created a script called "script1.sh" in a directory.   When I exe=
cute this
script with sudo, it ask me for password which not suppose to happen.=A0=
I break
out with ctrl+c.

I then copy script1.sh to a new file in the same directory as "script2.=
sh".
Now I execute "script1.sh" again with sudo, now it will execute.

There is no change on script1.sh, All I done is created a new file in t=
he
directory.=A0 But now sudo do not ask me password any more.

At this point I can execute both scripts with sudo with no password.=A0=
Which is
normal.

Now I delete "script2.sh".=A0 Now the directory has only 1 file again
"script1.sh".=A0 I execute script1.sh now it will ask me for password a=
gain.

All executable file should be executable regardless, I don't know why t=
his is
happening.=A0 Number of files in directory affects sudo?


Version-Release number of selected component (if applicable):
[mdrop@c-in3sf--02-04 bin]$ rpm -qa | grep sudo
sudo-1.6.9p17-5.el5

How reproducible:
Everytime.

Steps to Reproduce:
Here is the command sequence from the terminal:
==================== =====
==================== ===3D
[mdrop@c-in3sf--02-04 bin]$ pwd
/usr/local/site/operations/dsh/bin
[mdrop@c-in3sf--02-04 bin]$ sudo -l | grep dsh
  =A0 (ALL) NOPASSWD: /usr/local/site/mailscripts/spf/bin/*,
/usr/local/site/mailscripts/ws/bin/*, /usr/local/site/operations/dsh/bi=
n/*,
/usr/local/site/operations/bin/*
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 0
[mdrop@c-in3sf--02-04 bin]$ echo "echo test123"> script1.sh ; chmod +x
script1.sh
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 4
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/scr=
ipt1.sh=20
Password:=20
[mdrop@c-in3sf--02-04 bin]$ cp script1.sh script2.sh=20
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 8
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script2.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/scr=
ipt1.sh=20
test123
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/scr=
ipt2.sh=20
test123
[mdrop@c-in3sf--02-04 bin]$ rm script2.sh=20
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 4
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/scr=
ipt1.sh=20
Password:=20
[mdrop@c-in3sf--02-04 bin]$=20
==================== =====
==================== =====
============

Actual results:
$ sudo /usr/local/site/operations/dsh/bin/script1.sh=20
Password:=20

Expected results:
$ sudo /usr/local/site/operations/dsh/bin/script1.sh=20
test123

What could have caused this?

Any help is highly appreciated.

Thanks.

Garlum.
=20
____________________________________________________________ _____
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they=
e-mail you.
http://www.microsoft.com/middleeast/windows/windowslive/see- it-in-actio=
n/social-network-basics.aspx?ocid=3DPID23461::T:WLMTAGL:ON:W L:en-xm:SI_=
SB_3:092010--
To unsubscribe from this list: send the line "unsubscribe linux-apps" i=
n
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Report this message

#2: Re: sudo selectively execute file, * wildcard on dir set with"(ALL) NOPASSWD:".

Posted on 2010-01-05 17:08:05 by Aaron

On 2010-01-05 at 17:08:37 +0800, Kent Ho wrote:
> I then copy script1.sh to a new file in the same directory as "script2.sh".
> Now I execute "script1.sh" again with sudo, now it will execute.

Read the docs.

From the sudo man page:

-k The -k (kill) option to sudo invalidates the user's timestamp
by setting the time on it to the Epoch. The next time sudo is run a
password will be required. This option does not require a password and
was added to allow a user to revoke sudo permissions from a .logout file.

-A
--
To unsubscribe from this list: send the line "unsubscribe linux-apps" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Report this message

#3: RE: sudo selectively execute file, * wildcard on dir set with"(ALL) NOPASSWD:".

Posted on 2010-01-11 10:41:56 by kent ho

Removing * after / fixed the problem.

Thanks Dany.

________________________________
> Date: Tue, 5 Jan 2010 12:10:34 +0200
> From: danyd@direkt.ro
> To: garlumh@hotmail.com
> Subject: Re: sudo selectively execute file, * wildcard on dir set wit=
h "(ALL) NOPASSWD:".
>
>
>
>
>
>
>
>
>
> On 05.01.2010 11:08, Kent Ho wrote:
>
>
> Hi All,
>
> I'm experiencing a problem with sudo.
>
> sudo selectively execute file in a directory, * wildcard on dir set w=
ith "(ALL)
> NOPASSWD:".
>
> I created a script called "script1.sh" in a directory. When I execute=
this
> script with sudo, it ask me for password which not suppose to happen.=
I break
> out with ctrl+c.
>
> I then copy script1.sh to a new file in the same directory as "script=
2.sh".
> Now I execute "script1.sh" again with sudo, now it will execute.
>
> There is no change on script1.sh, All I done is created a new file in=
the
> directory. But now sudo do not ask me password any more.
>
> At this point I can execute both scripts with sudo with no password. =
Which is
> normal.
>
> Now I delete "script2.sh". Now the directory has only 1 file again
> "script1.sh". I execute script1.sh now it will ask me for password ag=
ain.
>
> All executable file should be executable regardless, I don't know why=
this is
> happening. Number of files in directory affects sudo?
>
>
> Version-Release number of selected component (if applicable):
> [mdrop@c-in3sf--02-04 bin]$ rpm -qa | grep sudo
> sudo-1.6.9p17-5.el5
>
> How reproducible:
> Everytime.
>
> Steps to Reproduce:
> Here is the command sequence from the terminal:
> ==================== ===3D=
==================== ====
> [mdrop@c-in3sf--02-04 bin]$ pwd
> /usr/local/site/operations/dsh/bin
> [mdrop@c-in3sf--02-04 bin]$ sudo -l | grep dsh
> (ALL) NOPASSWD: /usr/local/site/mailscripts/spf/bin/*,
> /usr/local/site/mailscripts/ws/bin/*, /usr/local/site/operations/dsh/=
bin/,
>
>
>
> try this with no * after /
>
>
>
> /usr/local/site/operations/bin/*
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 0
> [mdrop@c-in3sf--02-04 bin]$ echo "echo test123"> script1.sh ; chmod +=
x
> script1.sh
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 4
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/s=
cript1.sh
> Password:
> [mdrop@c-in3sf--02-04 bin]$ cp script1.sh script2.sh
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 8
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script2.sh
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/s=
cript1.sh
> test123
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/s=
cript2.sh
> test123
> [mdrop@c-in3sf--02-04 bin]$ rm script2.sh
> [mdrop@c-in3sf--02-04 bin]$ ls -l
> total 4
> -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
> [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/s=
cript1.sh
> Password:
> [mdrop@c-in3sf--02-04 bin]$
> ==================== ===3D=
==================== =====
=============3D
>
> Actual results:
> $ sudo /usr/local/site/operations/dsh/bin/script1.sh
> Password:
>
> Expected results:
> $ sudo /usr/local/site/operations/dsh/bin/script1.sh
> test123
>
> What could have caused this?
>
> Any help is highly appreciated.
>
> Thanks.
>
> Garlum.
>
> ____________________________________________________________ _____
> Windows Live: Friends get your Flickr, Yelp, and Digg updates when th=
ey e-mail you.
> http://www.microsoft.com/middleeast/windows/windowslive/see- it-in-act=
ion/social-network-basics.aspx?ocid=3DPID23461::T:WLMTAGL:ON :WL:en-xm:S=
I_SB_3:092010--
> To unsubscribe from this list: send the line "unsubscribe linux-confi=
g" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
>
> read up in your content...
>
> hope will work...
>
>
>
> Regards,
>
> Dany
=20
____________________________________________________________ _____
Windows Live Hotmail: Your friends can get your Facebook updates, right=
from Hotmail=AE.
http://www.microsoft.com/middleeast/windows/windowslive/see- it-in-actio=
n/social-network-basics.aspx?ocid=3DPID23461::T:WLMTAGL:ON:W L:en-xm:SI_=
SB_4:092009--
To unsubscribe from this list: send the line "unsubscribe linux-apps" i=
n
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Report this message