Re: visudo, /etc/sudo.conf, probe_interfaces

2024-01-08 Thread Greg Wooledge
On Mon, Jan 08, 2024 at 07:36:00PM -0600, Mike McClain wrote:
> Yes I'm on Raspberry Debian now but my Devuan system still isn't
> working well enough to post here and I ran into this first on my
> daedalus system.

So there are THREE NON-DEBIAN SYSTEMS in this story?!

> visudo complains that my hostname can't be found via DNS,

Please show the actual command you're running, and the actual error.

What *is* your hostname?  You showed this:

> mike@RPI4b3:~> uname -a
> Linux MikesPI 6.1.0-rpi7-rpi-v8 #1 SMP PREEMPT Debian 1:6.1.63-1+rpt1
> (2023-11-24) aarch64 GNU/Linux

But this contains contradictions.  Your hostname might be "RPI4b3" or
it might be "MikesPI" or something else entirely.

Is your hostname properly mapped to an IP address in the /etc/hosts
file?  Is nsswitch.conf correct?  Does "getent hosts $(hostname)"
give a correct-looking response in a reasonable amount of time?

The idea that visudo would *look up your hostname in DNS* is news to
me, and I'm going to insist on some actual *proof* here.

> 'visudo /etc/sudo.conf' shows a line '# Set probe_interfaces
> false'

So, wait, visudo *works* now?  I thought it failed with an error.

Also, this command makes no sense.  visudo edits the sudoers file, NOT
the sudo.conf file.  These are two different files.

> which should tell sudo not to worry whether hostname returns an
> FQDN. Unfortunately, visudo sees that as a syntax error and sudo
> ignores that line.

Because that line doesn't go in the sudoers file.  It goes in the sudo.conf
file.  And you're using visudo which expects to see the syntax of sudoers
in the file you're editing.

Here's what sudo.conf(5) on Debian 12 says:

 probe_interfaces
   By default, sudo will probe the system's network interfaces and
   pass the IP address of each enabled interface to the policy plugin.
   This makes it possible for the plugin to match rules based on the
   IP address without having to query DNS.  On Linux systems with a
   large number of virtual interfaces, this may take a non-negligible
   amount of time.  If IP-based matching is not required, network
   interface probing can be disabled as follows:

   Set probe_interfaces false

   This setting is only available in sudo version 1.8.10 and higher.

So the first question is, what version of sudo is on the system...
but you've got THREE DIFFERENT SYSTEMS in this horror show, so I don't
even know which one you're talking about.

Second, what file did you put this line into?

Third, if I'm reading this correctly, adding that line (if your version
of sudo is high enough) would SUPPRESS the feature where it grabs the
IP addresses directly from something equivalent to "ip addr".  Without
those IP addresses, sudo will have to look in DNS to find out who you are,
but only if your sudoers file has rules that are host-specific.  I think?
Maybe?  Gods almighty, what kind of crazy shit are you DOING here?  I've
never heard of HALF of this crap!  Then again, I have never in my entire
life used host-specific rules in sudoers.  Are you doing so?

So anyway, if you want sudo NOT to look things up in DNS, it sounds like
you WANT probe_interfaces to be true.  Setting it to false would seem to
be counterproductive, on top of which you might be putting it in the
wrong file, and/or using the wrong tool to do so.
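Greg's three checks above (does the hostname resolve, is the installed sudo new enough for probe_interfaces, and what does the sudo.conf line actually say once comments are discounted) can be scripted. The following POSIX shell script is an added example, not code from the thread or from the sudo project; it assumes that "Set" lines in sudo.conf are matched literally as the man page prints them, and that the first line of "sudo -V" has the form "Sudo version 1.9.13p3".

```shell
#!/bin/sh
# Added diagnostic helper for the questions raised in the reply above.
# Not from the thread or from sudo itself; see the assumptions in the text.

# Effective probe_interfaces value from a sudo.conf file. Blank lines and
# lines whose first word starts with '#' are comments, so the
# "# Set probe_interfaces false" line quoted in the thread changes nothing;
# with no active "Set" line the value is sudo's documented default, true.
sudo_conf_probe_interfaces() {
    conf=$1
    value=true
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f        # split into words, no globbing
        [ $# -ge 3 ] || continue
        case "$1" in '#'*) continue ;; esac  # comment line
        if [ "$1" = Set ] && [ "$2" = probe_interfaces ]; then
            case "$3" in true|false) value=$3 ;; esac
        fi
    done < "$conf"
    printf '%s\n' "$value"
}

# Succeeds when the sudo version string $1 (e.g. "1.9.13p3") is at least
# 1.8.10, the first release the man page says understands probe_interfaces.
sudo_supports_probe_interfaces() {
    v=$(printf '%s\n' "$1" | sed 's/[^0-9.].*//')   # drop "p3"-style suffix
    oldifs=$IFS; IFS=.; set -- $v; IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -gt 8 ] && return 0
    [ "$minor" -lt 8 ] && return 1
    [ "$patch" -ge 10 ]
}

# Resolve a name through NSS (/etc/hosts, DNS, ... per nsswitch.conf) the
# way "getent hosts" does; prints the first answer or "unresolved".
hostname_resolves() {
    if answer=$(getent hosts "$1" 2>/dev/null); then
        printf '%s\n' "$answer" | head -n 1
    else
        printf 'unresolved\n'
    fi
}

# Report on the local machine; each step is skipped if its tool is absent.
report() {
    h=$(hostname 2>/dev/null || echo unknown)
    echo "hostname: $h"
    if command -v getent >/dev/null 2>&1; then
        echo "resolves to: $(hostname_resolves "$h")"
    fi
    if command -v sudo >/dev/null 2>&1; then
        ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
        if sudo_supports_probe_interfaces "$ver"; then
            echo "sudo $ver: probe_interfaces is supported"
        else
            echo "sudo $ver: too old for probe_interfaces (needs 1.8.10)"
        fi
    fi
    if [ -r /etc/sudo.conf ]; then
        echo "probe_interfaces in /etc/sudo.conf: $(sudo_conf_probe_interfaces /etc/sudo.conf)"
    fi
    return 0
}

# Only touch the live system when explicitly asked: sh thisscript.sh report
case "${1:-}" in report) report ;; esac
```

Note that visudo validates sudoers syntax (visudo -c), not sudo.conf, which is why a "Set probe_interfaces" line pasted into sudoers is rejected while the same line in /etc/sudo.conf is simply read by sudo at startup.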

visudo, /etc/sudo.conf, probe_interfaces

2024-01-08 Thread Mike McClain
mike@RPI4b3:~> uname -a
Linux MikesPI 6.1.0-rpi7-rpi-v8 #1 SMP PREEMPT Debian 1:6.1.63-1+rpt1
(2023-11-24) aarch64 GNU/Linux

Yes I'm on Raspberry Debian now but my Devuan system still isn't
working well enough to post here and I ran into this first on my
daedalus system.
visudo complains that my hostname can't be found via DNS, which I don't
find surprising since I'm a single user system serving no ports. It's
been like that for years and never caused a problem until I installed
Devuan. 'visudo /etc/sudo.conf' shows a line '# Set probe_interfaces
false' which should tell sudo not to worry whether hostname returns an
FQDN. Unfortunately, visudo sees that as a syntax error and sudo
ignores that line. If I leave the line uncommented sudo still
complains if mike takes eth0 up or down. I just checked and the same
thing happens on this system. Both are Debian based systems and I'm
wondering if anyone here can say if the problem comes from Debian or
upstream.
Thanks for listening.

Be well,
Mike
--
Remember, success is ninety-nine percent the refusal to accept failure.
- Charles Sheffield, _The_Cyborg_From_Earth_