View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005017 | CentOS-5 | sudo | public | 2011-07-28 09:35 | 2019-01-22 17:53 |
Reporter | kspickard | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 5.5 | ||||
Summary | 0005017: The #includedir directive in sudoers does not work | ||||
Description | As described in sudoers(5), the directive: `#includedir /foo/bar.d` should cause all files not ending in ~ or . within the /foo/bar.d directory to be included as a part of the sudoers configuration. This doesn't appear to work in sudo-1.7.2p1-9.el5_5. I've verified this is not a result of a syntax error in any included file, at least not according to: `visudo -c -f /foo/bar.d/<file>`. I've tried different permissions for the /foo/bar.d directory, as well as the contained files, to no avail. Finally, if I use the directive: `#include /foo/bar.d/<file>`, the configuration in /foo/bar.d/<file> is included as expected. I have not tried to reproduce this behavior in any other release -- either of CentOS or sudo. | ||||
Additional Information | To reproduce: `useradd sudotest`; `echo sudotest | passwd --stdin sudotest`; `mkdir -p /etc/sudoers.d`; `chmod 0550 /etc/sudoers.d`. Using the command: `visudo -f /etc/sudoers.d/sudoers.local` add the following, and save, quit: `sudotest ALL=(root) ALL`. Using the command: `visudo` add the following, and save, quit: `#includedir /etc/sudoers.d`. To test: `sudo -U sudotest -l`. You should receive an indication that 'sudotest' has no sudo commands allowed. Then: `su - sudotest`; `sudo -l`. You should receive a negative response, "Sorry, user sudotest may not run sudo on ...". | ||||
Tags | No tags attached. | ||||
has duplicate | 0005018 | closed | kbsingh@karan.org | The #includedir directive in sudoers does not work |
I am running 5.8 and the manpage says: "sudo will read each file in /etc/sudoers.d, skipping file names that end in ~ or contain a . character ..." I understand that you named your file `/etc/sudoers.d/sudoers.local`, and according to the above manpage snippet it is expected to be skipped. I just verified that `#includedir` is working in 5.8. |
|
Fixed by Red Hat in RHEL 5.5 onwards - see http://rhn.redhat.com/errata/RHBA-2010-0212.html - and therefore in CentOS 5.5 onwards. | |
Yes, but this bug was filed against 5.5. This bug is a result of wrong usage IMO. |
|
FWIW, this 'issue' is present in CentOS 6.3 and 6.4 as well. This should be fixed in the sudo project itself however... particularly in light of the semi-common user name pattern of 'first.last'. A better pattern might be "ignore files STARTING with '.'", or force a filename to match "*.sudo" or some such. |
|
The issue is present in CentOS 7.3 as well. | |
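
An added example (not part of the bug report and not sudo's own code): a POSIX shell check that applies the name rule quoted from sudoers(5) in the notes above, skipping names that end in `~` or contain a `.`, to every regular file in an include directory, so that drop-ins which pass `visudo -c -f` but are never read get flagged. The function names and the sample file names `10_admins` and `backup~` are made up for illustration.

```shell
#!/bin/sh
# Added example: classify files in a sudoers include directory by the
# name rule quoted from sudoers(5) in this thread: names that end in "~"
# or contain a "." are skipped by #includedir.

# Print "SKIPPED <name>" or "READ <name>" for each regular file in $1.
sudoers_dropin_status() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue      # unmatched globs, subdirectories
        name=${path##*/}
        case $name in
            *~|*.*) echo "SKIPPED $name" ;;
            *)      echo "READ $name" ;;
        esac
    done
}

# Return 1 and list the names if any file would be skipped, so the check
# can gate a configuration deploy or run from cron. Return 2 on bad input.
sudoers_dropin_audit() {
    [ -d "$1" ] || return 2
    skipped=$(sudoers_dropin_status "$1" | sed -n 's/^SKIPPED //p')
    [ -z "$skipped" ] && return 0
    printf '%s\n' "$skipped"
    return 1
}

# Constructed sample directory: two names taken from this thread
# (sudoers.local, first.last) and two made-up ones. Nothing under /etc
# is read or modified.
demo() {
    d=$(mktemp -d) || return 1
    for f in sudoers.local first.last 10_admins backup~; do
        echo 'sudotest ALL=(root) ALL' > "$d/$f"
    done
    sudoers_dropin_status "$d"
    rm -rf "$d"
}

demo
```

On a real host, `sudoers_dropin_audit /etc/sudoers.d` lists the files that `#includedir` passes over; renaming them without a dot (for example `sudoers_local`) makes them eligible to be read.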
Date Modified | Username | Field | Change |
---|---|---|---|
2011-07-28 09:35 | kspickard | New Issue | |
2011-07-29 19:44 | kbsingh@karan.org | Relationship added | has duplicate 0005018 |
2012-06-04 09:27 | mfalb | Note Added: 0015212 | |
2012-10-29 10:54 | ahmahmahm | Note Added: 0015988 | |
2012-10-29 11:30 | mfalb | Note Added: 0015989 | |
2013-07-22 14:06 | zapman449 | Note Added: 0017710 | |
2019-01-22 17:53 | agrezende | Note Added: 0033659 |