Re: [Ltib] LTIB sudo check fails with Sudo version 1.7.2


From: Stuart Hughes
Subject: Re: [Ltib] LTIB sudo check fails with Sudo version 1.7.2
Date: Sat, 04 Sep 2010 11:27:31 +0100
User-agent: Thunderbird 2.0.0.16 (X11/20080707)

Hi Joe,

I tried on OpenSuse 11.2 and it works fine for me despite the changed
format.  Do you have the latest LTIB? I can't think of anything else.

I've attached a test script you can try, which is the test pulled out
from the current ltib and which works fine for me on OS 11.2.

Another thing to try is to see if you can do:

$ sudo rpm --version
and:
$ sudo /opt/ltib/usr/bin/rpm --version

Regards, Stuart


Stuart Hughes wrote:
> Hi Joe,
> 
> Which version of LTIB are you running? I can't recall if I fixed this or
> not.
> 
> If you can confirm this and the problem still exists, I'll try to fix up
> the regex to work with both old and new.
> 
> I just tried on Xubuntu 10.04 which has sudo 1.7.2p1-1ubuntu5.1 and it
> works as expected.  Could this be an OpenSuse weirdness?
> 
> Regards, Stuart
> 
> Joe Hershberger wrote:
>> Hi LTIB,
>>
>> It seems that the format of the output from 'sudo -l' has changed from
>> Sudo version 1.6.9p17 to Sudo version 1.7.2.  I have 2 build machines,
>> the newer one is running OpenSuSE 11.2 which comes with Sudo version
>> 1.7.2 and cannot pass the sudo check in LTIB.
>>
>> The (old) format that ltib expects looks like this:
>>
>> -----------------------8<----------------------8<----------------------8<----------------------8<------------------------
>>
>>> sudo -l
>> User x may run the following commands on this host:
>>     (ALL) ALL
>>     (root) NOPASSWD: /bin/rpm
>>     (root) NOPASSWD: /opt/freescale/ltib/usr/bin/rpm
>>     (root) NOPASSWD: /opt/ltib/usr/bin/rpm
>>
>> ----------------------->8---------------------->8---------------------->8---------------------->8------------------------
>>
>> The format that Sudo version 1.7.2 produces looks like this:
>>
>> -----------------------8<----------------------8<----------------------8<----------------------8<------------------------
>>
>>> sudo -l
>> Matching Defaults entries for x on this host:
>>     always_set_home, env_reset, env_keep="LANG LC_ADDRESS LC_CTYPE
>> LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY
>> LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE
>>     LINGUAS XDG_SESSION_COOKIE", targetpw
>>
>> User x may run the following commands on this host:
>>     (ALL) ALL
>>     (root) NOPASSWD: /bin/rpm, (root) /opt/freescale/ltib/usr/bin/rpm,
>> (root) /opt/ltib/usr/bin/rpm
>>
>> ----------------------->8---------------------->8---------------------->8---------------------->8------------------------
>>
>> The new sudo also supports a new listing mode that looks like this:
>>
>> -----------------------8<----------------------8<----------------------8<----------------------8<------------------------
>>
>>> sudo -ll
>> Matching Defaults entries for x on this host:
>>     always_set_home, env_reset, env_keep="LANG LC_ADDRESS LC_CTYPE
>> LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY
>> LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE
>>     LINGUAS XDG_SESSION_COOKIE", targetpw
>>
>> User x may run the following commands on this host:
>>
>> Sudoers entry:
>>     RunAsUsers: ALL
>>     Commands:
>>         ALL
>>
>> Sudoers entry:
>>     RunAsUsers: root
>>     Commands:
>>         NOPASSWD: /bin/rpm
>>     RunAsUsers: root
>>     Commands:
>>         /opt/freescale/ltib/usr/bin/rpm
>>     RunAsUsers: root
>>     Commands:
>>         /opt/ltib/usr/bin/rpm
>>
>> ----------------------->8---------------------->8---------------------->8---------------------->8------------------------
>>
>> Naturally this difference kills LTIB's sudo check.  For the moment
>> I've hacked ltib to not check, but that's probably not a good solution
>> for everyone.
>>
>> Best regards,
>> -Joe
>>

#!/usr/bin/perl -w
use strict;

# Settings the check needs, pulled out of ltib.
my $cf = { rpm          => '/opt/ltib/usr/bin/rpm',
           path_std     => "/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin",
           username     => scalar(getpwuid($<)),
         };


check_sudo_setup();

# Die with setup instructions unless sudo lets this user run the host rpm
# and the LTIB rpm as root without a password.
sub check_sudo_setup
{
    my ($hostrpm) = `PATH=$cf->{path_std} ; which rpm`;
    chomp($hostrpm);
    # Feed empty lines to sudo -S so a password prompt cannot block the script.
    my $s = `yes "" 2>&1 | sudo -S -l 2>&1`;
    # Run-as user followed by the NOPASSWD tag, e.g. "(root) NOPASSWD:".
    my $bre = '(?:\(root\)|\(ALL\))\s+(?:ROLE=\s+)?NOPASSWD:';
    # \Q...\E keeps the paths literal inside the patterns.
    my $hostrpm_ok = $s =~ /$bre.*[\s,]\Q$hostrpm\E/m;
    my $fsrpm_ok   = $s =~ /$bre.*[\s,]\Q$cf->{rpm}\E/m;
    my $all_ok     = $s =~ /$bre\s+ALL/m;
    return 1 if $all_ok;
    return 1 if $hostrpm_ok && $fsrpm_ok;

    die <<TXT;

I ran the command: sudo -S -l which returned:

$s
This means you don't have sudo permission to execute rpm commands as root
without a password.  This is needed for this build script to operate correctly.

To configure this, as root using the command "/usr/sbin/visudo",
and add the following line in the User privilege section:

$cf->{username} ALL = NOPASSWD: $hostrpm, $cf->{rpm}

TXT
}
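
One way to read both `sudo -l` layouts quoted above without depending on how the entries are laid out on lines, as an added example that is not part of the thread or LTIB's own code: split each entry on commas and carry the NOPASSWD tag forward to later commands in the same entry. The sample listings are constructed from the formats Joe quoted; the sub names and the rule that a trailing comma continues an entry on the next line are assumptions, and the `sudo -ll` layout is not handled.

```perl
use strict; use warnings;
# Commands that a `sudo -l` listing marks as runnable without a password.
sub nopasswd_commands {
    my ($listing) = @_;
    my ($in_cmds, $open, @entries);
    for my $line (split /\n/, $listing) {
        if ($line =~ /may run the following commands/) { $in_cmds = 1; next }
        next unless $in_cmds && $line =~ /\S/;
        $line =~ s/^\s+|\s+$//g;
        if ($open) { $entries[-1] .= " $line" } else { push @entries, $line }
        $open = $line =~ /,$/;    # assumption: trailing comma continues the entry
    }
    my %found;
    for my $entry (@entries) {
        my $nopasswd = 0;         # assumption: tag state resets per entry
        for my $item (split /(?<!\\),\s*/, $entry) {
            $item =~ s/^\([^)]*\)\s*//;    # drop the "(root)" / "(ALL)" prefix
            while ($item =~ s/^([A-Z_]+):\s*//) {    # NOPASSWD:, PASSWD:, ...
                $nopasswd = $1 eq 'NOPASSWD' ? 1 : $1 eq 'PASSWD' ? 0 : $nopasswd;
            }
            $found{$item} = 1 if $nopasswd && length $item;
        }
    }
    return sort keys %found;
}

# True when ALL, or every required command, is passwordless.
sub sudo_check_ok {
    my ($listing, @required) = @_;
    my %ok = map { $_ => 1 } nopasswd_commands($listing);
    return $ok{ALL} || !grep { !$ok{$_} } @required;
}
# Constructed samples in the two layouts quoted in the thread.
my $old = <<'OLD';
User x may run the following commands on this host:
    (root) NOPASSWD: /bin/rpm
    (root) NOPASSWD: /opt/ltib/usr/bin/rpm
OLD
my $new = <<'NEW';
Matching Defaults entries for x on this host:
    env_reset, targetpw
User x may run the following commands on this host:
    (ALL) ALL
    (root) NOPASSWD: /bin/rpm, (root) /opt/freescale/ltib/usr/bin/rpm,
(root) /opt/ltib/usr/bin/rpm
NEW
my @need = ('/bin/rpm', '/opt/ltib/usr/bin/rpm');
printf "%s layout: %s\n", $_->[0], sudo_check_ok($_->[1], @need) ? 'ok' : 'FAIL'
    for [old => $old], [new => $new];
```

The `(ALL) ALL` entry carries no NOPASSWD tag, so it does not satisfy the check on its own; only a passwordless `ALL` or passwordless entries for every required path do.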

