Peter E. Abresch Jr. - at Pepco wrote:
SuSE sudo levels

We are working on a project to consolidate Linux userid management. We are
moving our Linux Users from each Linux Guest and will manage them using
CA-ACF2 and PAM.

Interesting; I'm about to embark on the same process.

However we ran into a slight problem. We use sudo to
control root access and then define the privileged users to group wheel.

I have already set this up, pre-PAM, so I'm interested to see what the
results are. Right now I don't have the problem of having a problem when
wheel is not my primary group.

We do this for all our guests. The problem appears to be sudo not
recognizing group wheel if it is not the user's primary group and the group
is assigned outside of /etc/group, for example, ldap. In our case, we
changed nsswitch.conf to reflect the following:

passwd:         CA_esm compat
group:          CA_esm compat

We think this problem has been corrected with sudo version 1.6.9 (see
http://www.sudo.ws/sudo/current.html )

Sudo now uses the supplemental group vector for matching. This fixes
problems with split group lines in /etc/group as well as multiple group
sources in nsswitch.conf.


Here is the problem, we are running the following guests:

SuSE SLES10x SP1 Kernel 2.6.16.53-0.18-default with Sudo version 1.6.8p12

SuSE SLES9x SP3 Kernel 2.6.5-7.287.3 with Sudo version 1.6.7p5

Unfortunately these are the latest versions of sudo that Novell has
released for these Linux Distributions according to YaST. We pay for
updates and patches so the question is, Can we get the latest sudo version
from Novell or do I have to download it and build it myself? If I have to
build it myself, does it void any support type warranties with Novell?

As always, thanks in advance.

Peter


I'll try to keep in the loop here, and please feel free to contact me and
keep me up to date on what problems you have with ACF2 and the wheel group.

Kim

--
Kim Goldenberg
Systems Programmer I
State of NJ - OIT
609-777-3722
[EMAIL PROTECTED]
[EMAIL PROTECTED]



----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
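
A diagnostic for the situation discussed in this thread, as an added example that is not part of either message: it classifies how an account holds a group (primary, listed in the local group file, or supplied only by another nsswitch.conf source) and flags the combination the thread describes as failing on sudo older than 1.6.9. The function names, the accounts alice and bob, and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Accounts and group file are constructed.

# Return 0 if a sudo version such as "1.6.8p12" is older than 1.6.9.
sudo_older_than_169() {
    v=${1%%p*}                          # drop patch level: 1.6.8p12 -> 1.6.8
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; rev=${3:-0}
    [ "$maj" -lt 1 ] && return 0
    [ "$maj" -gt 1 ] && return 1
    [ "$min" -lt 6 ] && return 0
    [ "$min" -gt 6 ] && return 1
    [ "$rev" -lt 9 ]
}

# Print how a user holds a group: primary, local-supplementary,
# nss-supplementary (not in the local file, so from another NSS source) or none.
# $1 user  $2 group  $3 `id -gn` output  $4 `id -Gn` output  $5 group file
group_source() {
    user=$1; grp=$2; primary=$3; all=$4; file=${5:-/etc/group}
    [ "$primary" = "$grp" ] && { echo primary; return 0; }
    case " $all " in *" $grp "*) ;; *) echo none; return 0 ;; esac
    # Scan every line for the group, so split group lines are all checked.
    if awk -F: -v g="$grp" -v u="$user" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
        END { exit !hit }' "$file"
    then echo local-supplementary
    else echo nss-supplementary
    fi
}

# Return 0 when a %group sudoers rule may fail to match, per the thread:
# sudo older than 1.6.9 and the group held only through a non-local source.
sudoers_group_at_risk() {               # $1 sudo version, rest as group_source
    ver=$1; shift
    sudo_older_than_169 "$ver" || return 1
    [ "$(group_source "$@")" = nss-supplementary ]
}

# Constructed local group file: alice is on a split wheel line, bob is not listed.
SAMPLE_GROUP=$(mktemp)
trap 'rm -f "$SAMPLE_GROUP"' EXIT
printf '%s\n' 'wheel:x:10:root' 'wheel:x:10:alice' 'users:x:100:' > "$SAMPLE_GROUP"

for ver in 1.6.8p12 1.6.7p5 1.6.9; do   # the two versions from the thread, and the fix
    if sudoers_group_at_risk "$ver" bob wheel users "users wheel" "$SAMPLE_GROUP"
    then echo "sudo $ver: %wheel may not match bob (wheel comes from NSS only)"
    else echo "sudo $ver: %wheel should match bob"
    fi
done
```

On a live guest, pass the real values instead of the constructed ones: the version reported by `sudo -V`, `"$(id -gn USER)"`, `"$(id -Gn USER)"`, and `/etc/group`.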