This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 603819 - sudo - fix printing of entries with multiple host entries on a single line.
sudo - fix printing of entries with multiple host entries on a single line.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo (Show other bugs)
5.5
All Linux
high Severity high
: rc
: ---
Assigned To: Daniel Kopeček
BaseOS QE Security Team
: Patch, Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-14 12:10 EDT by ritz
Modified: 2011-01-13 18:08 EST (History)
4 users (show)

See Also:
Fixed In Version: sudo-1.7.2p1-10.el5
Doc Type: Bug Fix
Doc Text:
When the /etc/sudoers file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, the underlying source code has been modified to target this issue, and running the "sudo -l" command now produces the correct output.
Story Points: ---
Clone Of:
: 603823 (view as bug list)
Environment:
Last Closed: 2011-01-13 18:08:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
patch based on upstream (1.05 KB, patch)
2010-06-14 12:13 EDT, ritz
no flags Details | Diff

  None (edit)
Description ritz 2010-06-14 12:10:50 EDT
Created attachment 423888 [details]
sudoers file

Description of problem:
sudo -l ignores configured commands an mixes up configurations for other hosts.

Version-Release number of selected component (if applicable):
- sudo-1.7.2p1-5.el5.x86_64

How reproducible:
always

Steps to Reproduce:
1. place the attached file in "/etc/sudoers"
2. Update "myhostname" in attached file to reflect your system's hostname
3. login as oracle
4. sudo -l
  
Actual results:
$ sudo -l
Sorry, user oracle may not run sudo on localhost.


Expected results:
$ sudo -l
User oracle may run the following commands on this host:
    (ALL) NOPASSWD: /net/nimserv/appldata/oracle/920_64/Disk1/rootpre.sh,
    /net/nimserv/appldata/oracle/10/dvd1/database/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/oem/cd1/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/dvd1/database/rootpre/rootpre.sh.aix61,
    /net/nimserv/appldata/oracle/10/Client/Disk/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/oem/gc/rootpre/rootpre.sh,
    /db/main/oraInventory/orainstRoot.sh, /db/main/ora920/root.sh,
    /db/main/ora102/root.sh, /db/main/ora10204/root.sh,
    /db/main/admin/oms10g/root.sh, /db/main/ora10204/orainstRoot.sh,
    /db/main/agent10g/root.sh, /db/main/agent/root.sh,
    /db/main/oms10g/oms10g/allroot.sh, /db/main/oms10g/allroot.sh,
    /db/main/agent10gR5/agent10g/root.sh, /usr/sbin/slibclean,
    /oracle/*/920_64/root.sh, /tmp/orainstRoot.sh, /sbin/vgdisplay,
    /sbin/lvdisplay, /sbin/lslv, /sbin/lsvg, /tmp/rootpre/rootpre.sh



Additional info:
http://sudo.ws/repos/sudo/rev/226ceaf91d8d
Comment 1 ritz 2010-06-14 12:13:22 EDT
Created attachment 423889 [details]
patch based on upstream
Comment 8 Jaromir Hradilek 2010-11-29 07:58:37 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
When the /etc/sudoers file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, the underlying source code has been modified to target this issue, and running the "sudo -l" command now produces the correct output.
Comment 10 errata-xmlrpc 2011-01-13 18:08:35 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0079.html

Note You need to log in before you can comment on or make changes to this bug.