Bug 551347
| Summary: | sudo selectively execute file, * wildcard on dir set with "(ALL) NOPASSWD:". | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | garlumh |
| Component: | sudo | Assignee: | Daniel Kopeček <dkopecek> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 5.4 | CC: | dkopecek, garlumh |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: |
Linux c-in3sf--02-04 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
|
|
| Last Closed: | 2010-01-07 16:25:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This seems to be the same issue as reported in bz#521778. Closing as duplicate. *** This bug has been marked as a duplicate of bug 521778 *** Fixed by removing * from /. e.g. use "/usr/local/site/operation/dsh/bin/" instead of "/usr/local/site/operation/dsh/bin/*". |
Description of problem: sudo selectively execute file in a directory, * wildcard on dir set with "(ALL) NOPASSWD:". I created a script called "script1.sh" in a directory. When I execute this script with sudo, it ask me for password which not suppose to happen. I break out with ctrl+c. I then copy script1.sh to a new file in the same directory as "script2.sh". Now I execute "script1.sh" again with sudo, now it will execute. There is no change on script1.sh, All I done is created a new file in the directory. But now sudo do not ask me password any more. At this point I can execute both scripts with sudo with no password. Which is normal. Now I delete "script2.sh". Now the directory has only 1 file again "script1.sh". I execute script1.sh now it will ask me for password again. All executable file should be executable regardless, I don't know why this is happening. Number of files in directory affects sudo? Version-Release number of selected component (if applicable): [mdrop@c-in3sf--02-04 bin]$ rpm -qa | grep sudo sudo-1.6.9p17-5.el5 How reproducible: Everytime. Steps to Reproduce: Here is the command sequence from the terminal: =============================================== [mdrop@c-in3sf--02-04 bin]$ pwd /usr/local/site/operations/dsh/bin [mdrop@c-in3sf--02-04 bin]$ sudo -l | grep dsh (ALL) NOPASSWD: /usr/local/site/mailscripts/spf/bin/*, /usr/local/site/mailscripts/ws/bin/*, /usr/local/site/operations/dsh/bin/*, /usr/local/site/operations/bin/* [mdrop@c-in3sf--02-04 bin]$ ls -l total 0 [mdrop@c-in3sf--02-04 bin]$ echo "echo test123" > script1.sh ; chmod +x script1.sh [mdrop@c-in3sf--02-04 bin]$ ls -l total 4 -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh Password: [mdrop@c-in3sf--02-04 bin]$ cp script1.sh script2.sh [mdrop@c-in3sf--02-04 bin]$ ls -l total 8 -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script2.sh [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh test123 [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script2.sh test123 [mdrop@c-in3sf--02-04 bin]$ rm script2.sh [mdrop@c-in3sf--02-04 bin]$ ls -l total 4 -rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh [mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh Password: [mdrop@c-in3sf--02-04 bin]$ ============================================================ Actual results: $ sudo /usr/local/site/operations/dsh/bin/script1.sh Password: Expected results: $ sudo /usr/local/site/operations/dsh/bin/script1.sh test123 Additional info: