Craig White 12-09-2011 10:05 PM

sudoers no password screwiness
 
Can't really explain this behavior.

/etc/sudoers.d/user contains...
# This file is managed by puppet
#
# MANUAL EDITS OF THIS FILE WILL BE OVERWRITTEN!
#
Cmnd_Alias SYNC = /usr/bin/rsync,/bin/chmod,/bin/mkdir,/bin/chown,/usr/sbin/slapcat,/usr/bin/ldapsearch
administrator ALL = NOPASSWD: SYNC

(these are the exact contents)

Anyway, I use puppet on a fairly large number of systems and all of the
systems under puppet control have this exact setup (/etc/sudoers
& /etc/sudoers.d/user) and for that matter, also common-passwd,
common-session, common-auth in /etc/pam.d and the user (like all but the
system users) comes from LDAP. Also, /etc/ldap.conf, /etc/nsswitch.conf
are all handled by puppet and thus are exactly the same from computer to
computer.

On 2 computers, this user is asked for his password in order to run the
rsync command but on other computers, this same user is not. The user is
not included in local groups but rather only in LDAP groups.

/etc/sudoers & /etc/sudoers.d/user are indeed 0440 (again managed by
puppet) so it's not a permission issue on these files.

If I put these same 2 lines into /etc/sudoers and comment them out in /etc/sudoers.d/user (letting puppet propagate the changes), I am good to go, which is how I am doing things at the moment, but I sure would love to solve this. Also, just for kicks, I changed the whitespace from tabs to spaces, but that seemed to have no impact.

What else could possibly be at play?

Craig

--
Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.white@ttiltd.com
1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com
