FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Server Development

 
 
LinkBack Thread Tools
 
Old 12-09-2011, 10:05 PM
Craig White
 
Default sudoers no password screwiness

Can't really explain this behavior.

/etc/sudoers.d/user contains...
# This file is managed by puppet
#
# MANUAL EDITS OF THIS FILE WILL BE OVERWRITTEN!
#
Cmnd_Alias SYNC = /usr/bin/rsync,/bin/chmod,/bin/mkdir,/bin/chown,/usr/sbin/slapcat,/usr/bin/ldapsearch
administrator ALL = NOPASSWD: SYNC

(these are the exact contents)

Anyway, I use puppet on a fairly large number of systems and all of the systems under
puppet control have this exact setup (/etc/sudoers
& /etc/sudoers.d/user) and for that matter, also common-passwd,
common-session, common-auth in /etc/pam.d and the user (like all but the
system users) comes from LDAP. Also, /etc/ldap.conf, /etc/nsswitch.conf
are all handled by puppet and thus are exactly the same from computer to
computer.

On 2 computers, this user is asked for his password in order to run the
rsync command but on other computers, this same user is not. The user is
not included in local groups but rather only in LDAP groups.

/etc/sudoers & /etc/sudoers.d/user are indeed 0440 (again managed by
puppet) so it's not a permission issue on these files.

Putting these same 2 lines into /etc/sudoers, commenting them out from /etc/sudoers.d/user (and letting puppet propagate the changes) and I am good to go which is how I am doing things at the moment but I sure would love to solve this. Also, just for kicks, I replaced the white space from tabs to spaces but that seemed to not have an impact.

What else could possibly be at play?

Craig

--
Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.white@ttiltd.com
1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com

Need help communicating between generations at work to achieve your desired success? Let us help!


--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 

Thread Tools




All times are GMT. The time now is 05:33 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org