Your message dated Sun, 2 Apr 2006 12:51:03 -0700 (PDT)
with message-id <[EMAIL PROTECTED]>
and subject line not a bug
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: sudo
Version: 1.6.8p5-1
Severity: normal
In a sudoers:
Runas_Alias MY_USERS = user1, user2, user3
otheruser ALL = (MY_USERS) NOPASSWD: ALL
This allows otheruser to run any command as user1, user2, or user3
without a password, e.g.
[EMAIL PROTECTED] sudo -u user1 somecommand
However, when otheruser attempts to run the same command as an unlisted
user, sudo prompts for a password:
[EMAIL PROTECTED] sudo -u userX somecommand
Password:
In this case, I believe sudo should exit with an error and not prompt
for a password because otheruser is not allowed to run somecommand as
userX by sudoers under any circumstances. This becomes problematic for
non-interactive use since sudo waits on input it should not require.
I can work around this by entering into sudoers:
Defaults:otheruser passwd_tries = 0
but this isn't the right solution in my opinion.
Another workaround is described in http://bugs.debian.org/258013
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.9-9-amd64-k8-smp
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages sudo depends on:
ii libc6 2.3.5-4 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam0g 0.76-22 Pluggable Authentication Modules l
-- no debconf information
--- End Message ---
--- Begin Message ---
The response from LaMont is correct. The behavior you're asking for would leak
information inappropriately. Sorry the current behavior isn't what you most
want, but I'm closing this with no further action taken.
Bdale
--- End Message ---
