Tangential And OT: Commercial Support For 'sudo'

2012-08-24 Thread Tim Daneliuk

Please forgive the OTishness of this, but I'm hoping some of
my fellows in the large data center space may have a hint or
two here ...

I am working with a firm that needs to run sudo in a variety of
OS environments.  A few of these - notably IBM AIX - do not provide
vendor support and legal indemnification of many open source packages,
sudo among them.  This is officially a Big Deal (tm) for this company.

So ... does anyone know of a commercial concern that provides sudo support
and legal indemnification?  GratiSoft - the keeper of sudo - were apparently
going to do this at one point but decided not to.

TIA,

Now back to your regularly scheduled discussion of the World's Finest OS...
--

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Tangential And OT: Commercial Support For 'sudo'

2012-08-24 Thread Julian H. Stacey
Hi,
Tim Daneliuk wrote:
> Please forgive the OTishness of this, but I'm hoping some of
> my fellows in the large data center space may have a hint or
> two here ...
>
> I am working with a firm that needs to run sudo in a variety of
> OS environments.  A few of these - notably IBM AIX - do not provide
> vendor support and legal indemnification of many open source packages,
> sudo among them.  This is officially a Big Deal (tm) for this company.
>
> So ... does anyone know of a commercial concern that provides sudo support
> and legal indemnification?  GratiSoft - the keeper of sudo - were apparently
> going to do this at one point but decided not to.

It wouldn't surprise me if no firm offered useful legal indemnification
with contract terms the lawyer of your firm would consider acceptable.

Why suppliers might not like to offer cover:
How long is a piece of string ? Define what doors the string
connects, contractually define routes & limits & values of
potential consequential damage to data & service & 3rd parties.

How much would lawyers & insurance brokers/suppliers push
up the price for defining cover ?

Reduced motivation to purchase cover anyway in realisation
it's a grey area, eminently disputable, & come a big claim
on insurer, he'd be looking for loopholes, so insuree (your
firm) could end up suing insurer.

Yet more lawyers & insurance fees; a profitable interesting
relatively safe software supply business is different
from the insurance business.

Some managers are clueless, first demand the impossible, don't get it,
then compromise without, & do business without:

One customer demanded as standard, my welding certificate
& insurance over a million Euros, I refused, offered I would
stand on street & pass a floppy disk through their fence.
It escalated to someone responsible, they abandoned their
conditions & purchased.

Several customers wanted me/my company to accept unlimited
risk in event of copyright law suit (possible to research
that risk, though still dangerous as even defending frivolous
law suits can cost) and to cover risk of software patent
litigation (impossible to know risks that lurk, no way!).

I've always refused, but offered to help explore
contacts in insurance business if customer Really wants to purchase
own insurance. After Thinking, they've Always backed
down, & decided that's Their business operating risk they
should shoulder & not try to pass to others, as no
one else is stupid enough to accept undefinable risk, except
possibly at very heavy extra cost & debatable usefulness.

Even if a firm categorically demands insurance,
- does not mean they will get it,
- indicates some manager is clueless, foolish or deluded/ aggressive,
- shows the firm is a business risk, as it doesn't understand
  associated business issues.

Every cloud has a silver lining.  An indemnity contract (if any
found) will have legal terms that purchaser's lawyer will need to
consult a computer professional about. The purchasing firm will end
up paying 2 professionals to define its risk, & probably decide to
skip it, & carry its own risk.

PS Another discussion forum to ask on: SAGE, System Administrators Guild

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
 Mail from Yahoo & Hotmail to be dumped @Berklix.  http://berklix.org/yahoo/


Re: make install fails for /usr/ports/security/sudo after downgrade from 9.0-R to 8-STABLE

2012-03-03 Thread ill...@gmail.com
On 2 March 2012 14:44, FreeBSD Mailing Lists free...@growveg.net wrote:
 Hello list,

 I had to downgrade from 9-R to 8-STABLE. To do this, I did the following:

 1. rm -rf /usr/obj
 2. pkg_delete -a
 3. rm -rf /usr/ports
 4. mkdir -p /usr/ports/distfiles
 5. rm -rf /usr/src
 6. rm -rf /usr/local/*
 6. csup 8-STABLE sources
 7. csup ports
 8. cd /usr/src && make cleandir && make cleandir && make buildworld &&
 make buildkernel && make installkernel && mergemaster -p
 9. (merged required files)
 10. make installworld && mergemaster
 11. reboot.

 Practically everything in ports actually builds. I've installed X,
 icewm, windowmaker, firefox36, thunderbird, gimp and a few others. I
 think I've eliminated all the cruft from 9.0. However, I can't build
 sudo (or screen) and I can't work out why. Here is the error:

 # make distclean clean install

 ===>  Cleaning for sudo-1.8.4
 ===>  Deleting distfiles for sudo-1.8.4
 ===>  License sudo accepted by the user
 ===>  Found saved configuration for sudo-1.8.3_2
 => sudo-1.8.4p2.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
 => Attempting to fetch http://www.sudo.ws/sudo/dist/sudo-1.8.4p2.tar.gz
 ===>  License sudo accepted by the user
 ===>  Found saved configuration for sudo-1.8.3_2
 => sudo-1.8.4p2.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
 => Attempting to fetch http://www.sudo.ws/sudo/dist/sudo-1.8.4p2.tar.gz

 [...]

 cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
 -I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
 -DLOCALEDIR=\"/usr/local/share/locale\" ./ttyname.c
 cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
 -I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
 -DLOCALEDIR=\"/usr/local/share/locale\" ./ttysize.c
 cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
 -I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
 -DLOCALEDIR=\"/usr/local/share/locale\" ./utmp.c
 ./utmp.c: In function 'utmp_settime':
 ./utmp.c:132: error: dereferencing pointer to incomplete type
 ./utmp.c:133: error: dereferencing pointer to incomplete type
 ./utmp.c: In function 'utmp_fill':
 ./utmp.c:151: error: dereferencing pointer to incomplete type
 ./utmp.c:153: error: dereferencing pointer to incomplete type
 ./utmp.c:154: error: dereferencing pointer to incomplete type
 ./utmp.c:157: error: dereferencing pointer to incomplete type
 ./utmp.c:160: error: dereferencing pointer to incomplete type
 ./utmp.c:160: error: dereferencing pointer to incomplete type
 ./utmp.c:161: error: dereferencing pointer to incomplete type
 ./utmp.c:161: error: dereferencing pointer to incomplete type
 ./utmp.c:166: error: dereferencing pointer to incomplete type
 ./utmp.c:170: error: dereferencing pointer to incomplete type
 ./utmp.c: In function 'utmp_login':
 ./utmp.c:294: error: storage size of 'utbuf' isn't known
 /bin/sh ../libtool --tag=disable-static --mode=compile cc -c
 -I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
 -I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
 -DLOCALEDIR=\"/usr/local/share/locale\" ./sudo_noexec.c
 ./utmp.c: In function 'utmp_logout':
 ./utmp.c:343: error: storage size of 'utbuf' isn't known
 *** Error code 1
 libtool: compile:  cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe
 -march=core2 -I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
 -DLOCALEDIR=\"/usr/local/share/locale\" ./sudo_noexec.c  -fPIC -DPIC -o
 .libs/sudo_noexec.o
 1 error
 *** Error code 2
 1 error
 *** Error code 1

 Stop in /usr/ports/security/sudo.
 *** Error code 1

 Stop in /usr/ports/security/sudo.

 Can anyone help please?

Stale header files in /usr/include maybe?

-- 
--


Re: make install fails for /usr/ports/security/sudo after downgrade from 9.0-R to 8-STABLE

2012-03-03 Thread FreeBSD Mailing Lists

On 03/03/12 12:31, ill...@gmail.com wrote:

> Stale header files in /usr/include maybe?


Hi,

Yes that's it. It seems utmp.h got changed to utmpx.h between 8.2 
and 9.0. Fixed by csup of 9.0-R and doing the buildworld buildkernel etc.


thanks,
--
freebsd at growveg dot net


Re: make install fails for /usr/ports/security/sudo after downgrade from 9.0-R to 8-STABLE

2012-03-03 Thread ill...@gmail.com
On 3 March 2012 14:43, FreeBSD Mailing Lists free...@growveg.net wrote:
> On 03/03/12 12:31, ill...@gmail.com wrote:
>
>> Stale header files in /usr/include maybe?
>
> Hi,
>
> Yes that's it. It seems utmp.h got changed to utmpx.h between 8.2 and
> 9.0. Fixed by csup of 9.0-R and doing the buildworld buildkernel etc.


Hmm, I would think that merely removing the offending file
and copying the correct one from /usr/obj/usr/src/tmp/usr/include/
would suffice.

-- 
--


Re: make install fails for /usr/ports/security/sudo after downgrade from 9.0-R to 8-STABLE

2012-03-03 Thread John
On 04/03/2012 04:36, ill...@gmail.com wrote:
> Hmm, I would think that merely removing the offending file
> and copying the correct one from /usr/obj/usr/src/tmp/usr/include/
> would suffice.

I dunno, I don't think so. Why would it not be installed in the
downgrade process? Also, the filenames aren't the same but the
functionality (as far as I know) is. It might not have been the only
thing broken.

Downgrading across minor versions is simple and usually painless but
there was a heads-up for the change from utmp.h to utmpx.h in -current
back in January so I guess it was considered a major, low-level change
and the downgrade couldn't work with that.

Anyhow, rebuilding to 9-R has fixed everything as far as I can see, so
I'm happy ;)
-- 
freebsd at growveg dot net


make install fails for /usr/ports/security/sudo after downgrade from 9.0-R to 8-STABLE

2012-03-02 Thread FreeBSD Mailing Lists
Hello list,

I had to downgrade from 9-R to 8-STABLE. To do this, I did the following:

1. rm -rf /usr/obj
2. pkg_delete -a
3. rm -rf /usr/ports
4. mkdir -p /usr/ports/distfiles
5. rm -rf /usr/src
6. rm -rf /usr/local/*
6. csup 8-STABLE sources
7. csup ports
8. cd /usr/src && make cleandir && make cleandir && make buildworld &&
make buildkernel && make installkernel && mergemaster -p
9. (merged required files)
10. make installworld && mergemaster
11. reboot.

Practically everything in ports actually builds. I've installed X,
icewm, windowmaker, firefox36, thunderbird, gimp and a few others. I
think I've eliminated all the cruft from 9.0. However, I can't build
sudo (or screen) and I can't work out why. Here is the error:

# make distclean clean install

===>  Cleaning for sudo-1.8.4
===>  Deleting distfiles for sudo-1.8.4
===>  License sudo accepted by the user
===>  Found saved configuration for sudo-1.8.3_2
=> sudo-1.8.4p2.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://www.sudo.ws/sudo/dist/sudo-1.8.4p2.tar.gz
===>  License sudo accepted by the user
===>  Found saved configuration for sudo-1.8.3_2
=> sudo-1.8.4p2.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://www.sudo.ws/sudo/dist/sudo-1.8.4p2.tar.gz

[...]

cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
-I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
-DLOCALEDIR=\"/usr/local/share/locale\" ./ttyname.c
cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
-I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
-DLOCALEDIR=\"/usr/local/share/locale\" ./ttysize.c
cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
-I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
-DLOCALEDIR=\"/usr/local/share/locale\" ./utmp.c
./utmp.c: In function 'utmp_settime':
./utmp.c:132: error: dereferencing pointer to incomplete type
./utmp.c:133: error: dereferencing pointer to incomplete type
./utmp.c: In function 'utmp_fill':
./utmp.c:151: error: dereferencing pointer to incomplete type
./utmp.c:153: error: dereferencing pointer to incomplete type
./utmp.c:154: error: dereferencing pointer to incomplete type
./utmp.c:157: error: dereferencing pointer to incomplete type
./utmp.c:160: error: dereferencing pointer to incomplete type
./utmp.c:160: error: dereferencing pointer to incomplete type
./utmp.c:161: error: dereferencing pointer to incomplete type
./utmp.c:161: error: dereferencing pointer to incomplete type
./utmp.c:166: error: dereferencing pointer to incomplete type
./utmp.c:170: error: dereferencing pointer to incomplete type
./utmp.c: In function 'utmp_login':
./utmp.c:294: error: storage size of 'utbuf' isn't known
/bin/sh ../libtool --tag=disable-static --mode=compile cc -c
-I../include -I.. -I. -I.. -I. -O2 -pipe -march=core2
-I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
-DLOCALEDIR=\"/usr/local/share/locale\" ./sudo_noexec.c
./utmp.c: In function 'utmp_logout':
./utmp.c:343: error: storage size of 'utbuf' isn't known
*** Error code 1
libtool: compile:  cc -c -I../include -I.. -I. -I.. -I. -O2 -pipe
-march=core2 -I/usr/local/include -fno-strict-aliasing -D_BSD_SOURCE
-DLOCALEDIR=\"/usr/local/share/locale\" ./sudo_noexec.c  -fPIC -DPIC -o
.libs/sudo_noexec.o
1 error
*** Error code 2
1 error
*** Error code 1

Stop in /usr/ports/security/sudo.
*** Error code 1

Stop in /usr/ports/security/sudo.

Can anyone help please?
-- 
freebsd at growveg dot net


Re: sudo log messages

2011-12-04 Thread Polytropon
On Sun, 4 Dec 2011 05:34:19 +0200, Коньков Евгений wrote:
> hi
>
> I add line to syslog.conf
> and killall -HUP syslogd
>
> Tell me please how to stop sudo to flood /var/log/messages?

There is a short block for that functionality in
the file /usr/local/etc/sudo.conf.sample which you
can create your own sudo.conf file from. Also see
the notes in man sudo, section SECURITY NOTES.
Maybe you'll find something useful in the provided
documentation at /usr/local/share/doc/sudo/.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: sudo log messages

2011-12-04 Thread Polytropon
On Sun, 4 Dec 2011 05:34:19 +0200, Коньков Евгений wrote:
> Tell me please how to stop sudo to flood /var/log/messages?

ADDITION: Of course I meant /usr/local/etc/sudoers,
NOT sudo.conf.

Instead of logging via syslog (to /var/log/messages),
why not use a specific log file for sudo? Add those
lines to the sudoers file:

Defaults logfile=/var/log/sudo.log
Defaults !syslog

Make sure /var/log/sudo.log exists, and maybe use
newsyslog.conf to deal with log rotation and archiving.
However, you can easily purge sudo log information
this way, if required.

The file /usr/local/share/doc/sudo/sample.sudoers
contains an example.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re[2]: sudo log messages

2011-12-04 Thread Коньков Евгений
Hello, Polytropon.

You wrote on 4 December 2011, 15:41:45:

P> On Sun, 4 Dec 2011 05:34:19 +0200, Коньков Евгений wrote:
>> Tell me please how to stop sudo to flood /var/log/messages?

P> ADDITION: Of course I meant /usr/local/etc/sudoers,
P> NOT sudo.conf.

P> Instead of logging via syslog (to /var/log/messages),
P> why not use a specific log file for sudo? Add those
P> lines to the sudoers file:

P> Defaults logfile=/var/log/sudo.log
P> Defaults !syslog

P> Make sure /var/log/sudo.log exists, and maybe use
P> newsyslog.conf to deal with log rotation and archiving.
P> However, you can easily purge sudo log information
P> this way, if required.

P> The file /usr/local/share/doc/sudo/sample.sudoers
P> contains an example.

yes, that is not problem, but I want to control logging in one place
not in each config file of service I have ran on machine.

I have thought that this
!sudo
*.* /var/log/sudo.log
will take off logging in /var/log/messages but this work as
log to /var/log/messages and to /var/log/sudo.log =((



-- 
Best regards,
 Коньков  mailto:kes-...@yandex.ru

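What the message above ran into, as an added example that is not part of the thread: in FreeBSD's syslog.conf(5) a `!sudo` block only adds a destination for sudo, while rules above it still apply, and a `!-sudo` line excludes the program from the rules that follow it. The script lists the actions in effect for one program tag; both sample configurations and their selectors are constructed, and facility/priority matching and host blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): which syslog.conf actions are in
# effect for a given program tag, following the program-block rules of
# FreeBSD syslog.conf(5): !prog, !+prog, !-prog, !* and the "#!" forms.
# Selectors (facility.priority) are NOT matched; only block scope is shown.

rules_for_program() {
    # $1 = program tag (e.g. sudo); configuration is read from stdin
    awk -v prog="$1" '
        BEGIN { applies = 1 }          # before any "!" line: every program
        { sub(/^[ \t]+/, "") }
        /^#?!/ {
            spec = $0
            sub(/^#?![ \t]*/, "", spec)
            sub(/[ \t]+$/, "", spec)
            if (spec == "*") { applies = 1; next }   # reset to all programs
            negate = 0
            if (substr(spec, 1, 1) == "-") { negate = 1; spec = substr(spec, 2) }
            else if (substr(spec, 1, 1) == "+") { spec = substr(spec, 2) }
            listed = 0
            n = split(spec, names, ",")
            for (i = 1; i <= n; i++) if (names[i] == prog) listed = 1
            applies = negate ? !listed : listed
            next
        }
        /^#/ || /^$/ { next }          # comments and blank lines
        /^[+-]/ { next }               # host blocks: ignored in this example
        applies {
            action = $0
            sub(/^[^ \t]+[ \t]+/, "", action)   # drop the selector field
            print action
        }
    '
}

# Constructed sample: the attempt described in the message, placed after a
# rule that writes to /var/log/messages.
attempt_conf() {
cat <<'EOF'
*.notice;authpriv.none    /var/log/messages
!sudo
*.*    /var/log/sudo.log
EOF
}

# Constructed sample: sudo excluded from the messages rule, given its own
# block, then the program filter reset for the rules that follow.
fixed_conf() {
cat <<'EOF'
!-sudo
*.notice;authpriv.none    /var/log/messages
!sudo
*.*    /var/log/sudo.log
!*
security.*    /var/log/security
EOF
}

echo "attempt, sudo: $(attempt_conf | rules_for_program sudo | paste -sd, -)"
echo "fixed,   sudo: $(fixed_conf | rules_for_program sudo | paste -sd, -)"
echo "fixed,   cron: $(fixed_conf | rules_for_program cron | paste -sd, -)"
```

On a real system, pipe `/etc/syslog.conf` into `rules_for_program sudo` to see which blocks a sudo message can reach.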


Re: sudo log messages

2011-12-04 Thread Carl Johnson
Коньков Евгений kes-...@yandex.ru writes:

> Hello, Polytropon.
>
> You wrote on 4 December 2011, 15:41:45:
>
> P> On Sun, 4 Dec 2011 05:34:19 +0200, Коньков Евгений wrote:
> >> Tell me please how to stop sudo to flood /var/log/messages?
>
> P> ADDITION: Of course I meant /usr/local/etc/sudoers,
> P> NOT sudo.conf.
>
> P> Instead of logging via syslog (to /var/log/messages),
> P> why not use a specific log file for sudo? Add those
> P> lines to the sudoers file:
>
> P> Defaults logfile=/var/log/sudo.log
> P> Defaults !syslog
>
> P> Make sure /var/log/sudo.log exists, and maybe use
> P> newsyslog.conf to deal with log rotation and archiving.
> P> However, you can easily purge sudo log information
> P> this way, if required.
>
> P> The file /usr/local/share/doc/sudo/sample.sudoers
> P> contains an example.
>
> yes, that is not problem, but I want to control logging in one place
> not in each config file of service I have ran on machine.
>
> I have thought that this
> !sudo
> *.* /var/log/sudo.log
> will take off logging in /var/log/messages but this work as
> log to /var/log/messages and to /var/log/sudo.log =((

You are not clear about what you really want.  If you want it to log to
auth.log instead of messages, then you can use the following in your
sudoers file:

   Defaults syslog=authpriv

The sample file that was mentioned earlier is one source for
information, but the best source is the sudoers(5) man page.  Just
search it for syslog and you will find several settings.

-- 
Carl Johnson ca...@peak.org



sudo log messages

2011-12-03 Thread Коньков Евгений
hi

I add line to syslog.conf
and killall -HUP syslogd

Tell me please how to stop sudo to flood /var/log/messages?

-- 
Best regards,
 Коньков  mailto:kes-...@yandex.ru



Sudo 1.7.4 and AD groups

2011-01-11 Thread Robert Archer
Hi FreeBSD Folks,

I'm using Samba 3.5.6 to authenticate logins and manage access on FreeBSD 8.1.

With Sudo 1.7.2, I was able to use Active Directory groups in sudoers(5), but
this doesn't seem to work in 1.7.4.

Versions:

  $ uname -a
  FreeBSD cis-mvl.ml.unisa.edu.au 8.1-RELEASE-p2 FreeBSD 8.1-RELEASE-p2 #0: Tue Jan 11 06:03:08 CST 2011 r...@cis-freebsd.ml.unisa.edu.au:/export/build/obj/export/build/src/sys/VMWARE amd64
  $ sudo -V
  Sudo version 1.7.4p4
  $ winbindd -V
  Version 3.5.6

/etc/nsswitch.conf:

  group:      files winbind
  hosts:      files dns
  networks:   files
  passwd:     files winbind
  protocols:  files
  rpc:        files
  services:   files
  shells:     files

/usr/local/etc/pam.d/sudo:

  auth        sufficient  /usr/local/lib/pam_winbind.so   try_first_pass
  auth        include     system
  account     include     system
  session     required    pam_permit.so
  password    include     system

/usr/local/etc/sudoers:

  Defaults    env_keep += "EDITOR FTP_PASSIVE_MODE HOME PAGER"
  Defaults    insults
  Defaults    shell_noargs
  Defaults    syslog = auth
  Defaults    !tty_tickets

  root                 ALL = (ALL) ALL
  %wheel               ALL = (ALL) ALL
  %cis-sambagroupname  ALL = (ALL) ALL

Using version 1.7.2:

  $ /mnt/usr/local/bin/sudo -V
  Sudo version 1.7.2p6
  $ /mnt/usr/local/bin/sudo -l
  Password: 
  Matching Defaults entries for cis-username on this host:
      env_keep+="EDITOR FTP_PASSIVE_MODE HOME PAGER", insults, shell_noargs, syslog=auth, !tty_tickets

  User cis-username may run the following commands on this host:
  (ALL) ALL

Using version 1.7.4:

  $ sudo -V
  Sudo version 1.7.4p4
  $ sudo -l
  Password: 
  Sorry, user cis-username may not run sudo on cis-mvl.

The group looks correct:

  $ getent group cis-sambagroupname
  cis-sambagroupname:x:169013:cis-,iee-XX,cis-,cis-username,cis-XXX,cis-XX

And if I add my username to sudoers(5), it works fine.

Any suggestions?

Thanks
Rob.



Re: sudo anomaly

2010-09-27 Thread perryh
Steven Friedrich free...@insightbb.com wrote:

> ... tried sudo mail. I got root's mailbox and I deleted all but two
> emails. When I q(uit) mail, it said it saved 2 messages in mbox.
> But when I try to go back in it says I don't have any mail. There
> is no root directory in /var/mail.
>
> Did sudo lose my mbox?

mbox != the (input) system mailbox.

Chances are, those 2 messages are in /root/mbox


Re: sudo anomaly

2010-09-27 Thread Steven Friedrich
On Sunday 26 September 2010 11:21:50 pm you wrote:
  From free...@insightbb.com  Sun Sep 26 18:14:09 2010
  From: Steven Friedrich free...@insightbb.com
  To: Robert Bonomi bon...@mail.r-bonomi.com
  Subject: Re: sudo anomaly
  Date: Sun, 26 Sep 2010 19:16:00 -0400
  
  On Sunday 26 September 2010 2:38:06 pm you wrote:
From owner-freebsd-questi...@freebsd.org  Sun Sep 26 11:46:43 2010
From: Steven Friedrich free...@insightbb.com
To: freebsd-questions@freebsd.org
Date: Sun, 26 Sep 2010 12:47:29 -0400
Subject: sudo anomaly

I have a userID, admin, that I add to my systems to use when I
perform system admin functions.  I also use this ID when using
X-windows, never starting X as root user.

So I needed to check my mail for daily run outputs and so I tried to
use su then mail, but I got admin's mail. So I exited su, and tried
sudo mail. I got root's mailbox and I deleted all but two emails.
When I q(uit) mail, it said it saved 2 messages in mbox. But when I
try to go back in it says I don't have any mail. There is no root
directory in /var/mail.
   
   All that is correct.
   
Did sudo lose my mbox?
   
   Nope.  _you_ did.
   
   
   
   The good news is that you merely misplaced it  -- it _is_ where it's
   always been, you're just looking in the wrong place for it.
   
   'mbox' != 'incoming mailbox'
   
Can anyone verify this anomaly?
   
   no anomaly.  simple *USER* error.
   
   
   
   Look in root's _HOME_DIRECTORY_.  You'll find a file called 'mbox'
   =there=.
   
   That's where 'already read' mail is saved.
   
   When logged in as root, use 'mail -f mbox'  to see your old mail.
   
   BTW, if you 'su root' and _then_ set environment variable 'USER' to
   'root', mail(1) _will_ fetch root's mail.
  
  Thanks. I used mail under unix eons ago, and I don't remember ever having
  to use a switch to get saved mail, but perhaps I've simply forgotten. I
  use KMail and Thunderbird (under Winblows), but I needed to check daily
  output scripts...
 
 did you use 'su root' or 'su - root'?  the '-'  makes a humongous
 difference.

Thanks, I had forgotten about that...

-- 
System Name:   laptop2.StevenFriedrich.org
Hardware:  2.80GHz Intel Pentium 4 (HTT) with 2 GB memory
OS version:FreeBSD 8.1-RELEASE i386 (6.9 MB kernel)
manager(s):kde4-4.5.1 
X windows: xorg-7.5X.Org X Server 1.7.5


sudo anomaly

2010-09-26 Thread Steven Friedrich
I have a userID, admin, that I add to my systems to use when I perform system 
admin functions.  I also use this ID when using X-windows, never starting X as 
root user.

So I needed to check my mail for daily run outputs and so I tried to use su 
then mail, but I got admin's mail. So I exited su, and tried sudo mail. I got 
root's mailbox and I deleted all but two emails. When I q(uit) mail, it said it 
saved 2 messages in mbox. But when I try to go back in it says I don't have 
any mail. There is no root directory in /var/mail.

Did sudo lose my mbox?

Can anyone verify this anomaly?

-- 
System Name:   laptop2.StevenFriedrich.org
Hardware:  2.80GHz Intel Pentium 4 (HTT) with 2 GB memory
OS version:FreeBSD 8.1-RELEASE i386 (6.9 MB kernel)
manager(s):kde4-4.5.1 
X windows: xorg-7.5X.Org X Server 1.7.5


Re: sudo -K/-k ineffective

2010-08-01 Thread Lowell Gilbert
me gurpreet...@gmail.com writes:

> Hi,
>
> Upon doing sudo some-command as a normal user (non-root), sudo asks for
> password only once, subsequent invocations of sudo don't ask for password
> - even though I do sudo -k or sudo -K in between.
> Although sudo starts asking for password after the time stamp expiry.
>
> in other words:
>
> % sudo mkdir /newdir
> sudo asks for password authentication, creates the directory after
> successful authentication
>
> % sudo -k
>
> % sudo -K
>
> % sudo mkdir /another_new_dir
> sudo doesn't ask for password authentication, and creates the directory
>
> In sudoers file, NOPASSWD is NOT set.
> here is my sudoers file: http://pastebin.com/WFnXCLE1
>
> Output of uname -a:
> FreeBSD foo.bar 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC
> 2010
> r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>
> Is this a known bug? If not, then it might have security implications.

It certainly might, for anyone using the -[kK] options.

However, I can't reproduce it.  Works as advertised when I try your
example.  The only settings in my sudoers file are 
timestamp_timeout=90,insults,!tty_tickets,!env_reset
(for my own account only).

And your sudoers file seems to be factory standard.  

I don't think sudo even knows about pam(3), so I'm not sure what could
be happening here...


Re: sudo -K/-k ineffective

2010-08-01 Thread Michael Grünewald

Hi,

Lowell Gilbert wrote:

> me gurpreet...@gmail.com writes:
>
>> Upon doing sudo some-command as a normal user (non-root), sudo asks for
>> password only once, subsequent invocations of sudo don't ask for password
>> - even though I do sudo -k or sudo -K in between.
>> Although sudo starts asking for password after the time stamp expiry.
>
> [...]
> I don't think sudo even knows about pam(3), so I'm not sure what could
> be happening here...


Maybe there is something funny with sudo's timestamp directory?  If it
is mounted with option `noatime' it may have consequences similar to
what you describe.


Michael


Re: sudo -K/-k ineffective

2010-08-01 Thread Gurpreet Singh
I don't see anything suspicious in the timestamp directory:

foo% sudo ls -l /var/run/sudo/
total 12
drwx------  2 root  wheel  512 Aug  2 01:06 gurpreet
drwx------  2 root  wheel  512 Aug  2 00:37 other
drwx------  2 root  wheel  512 Aug  2 00:37 third

foo% sudo ls -l /var/run/sudo/gurpreet
total 8
-rw-------  1 root  wheel  20 Aug  2 01:07 0
-rw-------  1 root  wheel  20 Aug  2 00:59 1

also, the FS containing this directory (/ itself) is mounted without
noatime.

foo% mount
/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)


2010/8/2 Michael Grünewald michael.grunew...@laposte.net

> Hi,
>
> Lowell Gilbert wrote:
>
>> me gurpreet...@gmail.com writes:
>>
>>> Upon doing sudo some-command as a normal user (non-root), sudo asks for
>>> password only once, subsequent invocations of sudo don't ask for
>>> password
>>> - even though I do sudo -k or sudo -K in between.
>>> Although sudo starts asking for password after the time stamp expiry.
>>
>> [...]
>>
>> I don't think sudo even knows about pam(3), so I'm not sure what could
>> be happening here...
>
> Maybe there is something funny with sudo's timestamp directory?  If it is
> mounted with option `noatime' it may have consequences similar to what you
> describe.
>
> Michael




-- 
Life is not fair. Get used to it.  Be nice to nerds. Chances are you'll
end up working for one.


Re: sudo -K/-k ineffective

2010-07-31 Thread Chris Rees
... I'm no longer going to answer questions past 11 o'clock GMT. Sorry!

Chris



Sorry for top-posting, Android won't let me quote, but K-9 can't yet do
threading.

On 31 Jul 2010 03:05, Michael Toth freebsd.mt...@queldor.net wrote:



On 07/30/2010 06:00 PM, Chris Rees wrote:

 It's by design. There's a timeout that you can set, ...
Chris,

That is not by design.

sudo -K should remove the timestamp

--

sudo

  -K  The -K (sure kill) option is like -k except that it removes
      the user's time stamp entirely and may not be used in
      conjunction with a command or other option.  This option
      does not require a password.

--
Gurpreet,
 I am not sure if this is a known bug, I was not able to duplicate this on
Freebsd 7.2 running sudo 1.6.9p20




 Sorry for top-posting, Android won't let me quote, but K-9 can't yet do
 threading.

 On 30...
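A way to test the behaviour reported in this thread without watching for a prompt, as an added example that is not from the thread: `sudo -n` (non-interactive, available in sudo 1.7 and later) fails instead of prompting, so it shows whether credentials are still cached after `-k` or `-K`. The function names and the `SUDO` override variable are assumptions of this example; a NOPASSWD rule or running as root also makes `sudo -n` succeed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the SUDO
# override variable are assumptions of this example.

# sudo_cached: succeeds when sudo runs a command without prompting.
# That means cached credentials, but also a NOPASSWD rule or uid 0.
sudo_cached() {
    "${SUDO:-sudo}" -n true >/dev/null 2>&1
}

# check_invalidation FLAG        (FLAG is -k or -K)
# Return value:
#   0  credentials were cached before FLAG and are gone afterwards
#   1  sudo still runs a command without a password after FLAG
#   2  nothing was cached beforehand, so there is nothing to test
#   3  bad argument, or "sudo FLAG" itself failed
check_invalidation() {
    case "$1" in
        -k|-K) ;;
        *) echo "usage: check_invalidation -k|-K" >&2; return 3 ;;
    esac
    if ! sudo_cached; then
        echo "SKIPPED: nothing cached; authenticate with 'sudo -v' first"
        return 2
    fi
    if ! "${SUDO:-sudo}" "$1"; then
        echo "ERROR: sudo $1 failed"
        return 3
    fi
    if sudo_cached; then
        echo "STILL-CACHED: sudo ran a command without a password after $1"
        return 1
    fi
    echo "OK: sudo needs a password again after $1"
    return 0
}
```

Source the file in the shell where the problem shows up, run `sudo -v`, then `check_invalidation -k` and, after another `sudo -v`, `check_invalidation -K`.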


sudo -K/-k ineffective

2010-07-30 Thread me
Hi,

Upon doing sudo some-command as a normal user (non-root), sudo asks for
password only once, subsequent invocations of sudo don't ask for password
- even though I do sudo -k or sudo -K in between.
Although sudo starts asking for password after the time stamp expiry.

in other words:

% sudo mkdir /newdir
sudo asks for password authentication, creates the directory after
successful authentication

% sudo -k

% sudo -K

% sudo mkdir /another_new_dir
sudo doesn't ask for password authentication, and creates the directory

In sudoers file, NOPASSWD is NOT set.
here is my sudoers file: http://pastebin.com/WFnXCLE1

Output of uname -a:
FreeBSD foo.bar 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC
2010
r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

Is this a known bug? If not, then it might have security implications.

Regards,
Gurpreet Singh
-- 
Life is not fair. Get used to it.  Be nice to nerds. Chances are you'll
end up working for one.


Re: sudo -K/-k ineffective

2010-07-30 Thread Chris Rees
It's by design. There's a timeout that you can set, try man sudo.

Chris



Sorry for top-posting, Android won't let me quote, but K-9 can't yet do
threading.



Re: sudo -K/-k ineffective

2010-07-30 Thread Michael Toth



On 07/30/2010 06:00 PM, Chris Rees wrote:

It's by design. There's a timeout that you can set, try man sudo.

Chris




Chris,

That is not by design.

sudo -K should remove the timestamp

--

sudo

   -K  The -K (sure kill) option is like -k except that it removes
       the user's time stamp entirely and may not be used in
       conjunction with a command or other option.  This option
       does not require a password.

--
Gurpreet,
  I am not sure if this is a known bug, I was not able to duplicate 
this on Freebsd 7.2 running sudo 1.6.9p20






sudo last login message and how to turn it off FreeBSD8.0

2010-06-24 Thread Martin McCormick
I have actually seen this on some FreeBSD6.3 systems and thought
it was a quirk. It may still be a quirk but it has started again
on an 8.0 system. I think I am doing something to cause it, but
I am not sure.

When one executes a sudo command, I get a last login
message which reflects the last time I ran sudo. Example:

[mar...@pilot ~]$ sudo whoami
Password:
Last login: Thu Jun 24 13:07:20 from pilot.it.okstate
root

There is another FreeBSD8.0 system here that has not yet
behaved this way so I did something to the test system to make
it start.

Any ideas as to what to look at?

Thank you.

Martin McCormick


Re: sudo last login message and how to turn it off FreeBSD8.0

2010-06-24 Thread Matthew Seaman

On 24/06/2010 19:41:04, Martin McCormick wrote:
   When one executes a sudo command, I get a last login
 message which reflects the last time I ran sudo. Example:

   Any ideas as to what to look at?

/usr/local/etc/pam.d/sudo probably.  The 'last login' message usually
comes from login(1), but I don't see why sudo(8) would invoke login
unless you were running 'sudo -i ...'

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW


Re: sudo last login message and how to turn it off FreeBSD8.0

2010-06-24 Thread Anh Ky Huynh
On Thu, 24 Jun 2010 13:41:04 -0500
Martin McCormick mar...@dc.cis.okstate.edu wrote:

 I have actually seen this on some FreeBSD6.3 systems and thought
 it was a quirk. It may still be a quirk but it has started again
 on an 8.0 system. I think I am doing something to cause it, but
 I am not sure.
 
   When one executes a sudo command, I get a last login
 message which reflects the last time I ran sudo. Example:
 
 [mar...@pilot ~]$ sudo whoami
 Password:
 Last login: Thu Jun 24 13:07:20 from pilot.it.okstate
 root
 
   There is another FreeBSD8.0 system here that has not yet
 behaved this way so I did something to the test system to make
 it start.
 
   Any ideas as to what to look at?

I experienced the same problem and I just disabled /var/log/{userlog,lastlog}:

# ls -ltro /var/log/|grep uchg
-rw-------  1 root  wheel  uappnd,uchg,uunlnk  1 May  9 08:59 userlog
-rw-r--r--  1 root  wheel  uappnd,uchg,uunlnk  1 May  9 18:50 lastlog

Hope this helps.

Regards,

-- 
Anh Ky Huynh


Upgrading sudo to 1.7.2.2 doesn't work with OPIE

2010-02-04 Thread Kirk Strauser
I'm using FreeBSD 8-STABLE from yesterday. I had sudo 1.6.9.20 installed 
and used portupgrade to upgrade it to 1.7.2.2. At this point, it stopped 
working:


$ sudo -v
otp-md5 [something]
Password:
Sorry, try again.
otp-md5 [something]
Password:
Sorry, try again.
otp-md5 [something]
Password:
Sorry, try again.
sudo: 3 incorrect password attempts

This is using the dist sudoers file, edited to allow me to use it. 
Reverting to the previous version works correctly:


# pkg_delete -f sudo-1.7.2.2
# pkg_add sudo-1.6.9.20.tbz
Will not overwrite existing /usr/local/etc/sudoers file.
# exit
$ sudo -v
otp-md5 [something]
Password:
$

Any idea why that may be or how I could troubleshoot it, short of 
bisecting the sudo releases until I find the culprit?

--
Kirk Strauser


Re: Upgrading sudo to 1.7.2.2 doesn't work with OPIE

2010-02-04 Thread Kirk Strauser

On 02/04/2010 10:26 AM, Kirk Strauser wrote:
Any idea why that may be or how I could troubleshoot it, short of 
bisecting the sudo releases until I find the culprit?


Eh, did it anyway. The problem was with a change added between 1.7.2p1 
and 1.7.2p2. This patch fixes it:


--- auth/pam.c.orig 2010-02-04 10:43:28.635212518 -0600
+++ auth/pam.c  2010-02-04 10:43:34.194558424 -0600
@@ -107,13 +107,6 @@
 }

 /*
- * Set PAM_RUSER to the invoking user (the from user).
- * We set PAM_RHOST to avoid a bug in Solaris 7 and below.
- */
-(void) pam_set_item(pamh, PAM_RUSER, user_name);
-(void) pam_set_item(pamh, PAM_RHOST, user_host);
-
-/*
  * Some versions of pam_lastlog have a bug that
  * will cause a crash if PAM_TTY is not set so if
  * there is no tty, set PAM_TTY to the empty string.
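
Review bot: The removal in auth/pam.c (hunk at line 107) deletes both pam_set_item() calls together, so the patch does not establish whether PAM_RUSER or PAM_RHOST is the item that breaks OPIE authentication; delete one call at a time and keep whichever turns out to be harmless. The deleted comment also states that PAM_RHOST is set "to avoid a bug in Solaris 7 and below", so an unconditional removal brings that bug back on those systems; if this is meant for upstream rather than as a local port patch, make the removal conditional on the platform or a build option and leave a comment explaining why.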

I'll file a bug with the sudo folks, but if anyone else is having the 
same problem, this should get you running in the meantime.

--
Kirk Strauser


sudo script not executing

2009-09-11 Thread bsd

Hello,

I have an sh script that is called by the www process which has a
shell that defaults to /sbin/nologin

I have configured the sudoers file with these settings:

www ALL=(www) NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh

And it does not seem to be able to execute…

Sorry, user www is not allowed to execute '/usr/local/bin/postfixadmin-mailbox-postdeletion.sh y...@test.com test.com' as www on newmail.rmm.fr.

The file I am trying to delete is also owned by a non privileged
user… ??

Any clue





Gregober --- PGP ID -- 0x1BA3C2FD
bsd @at@ todoo.biz




Re: sudo script not executing

2009-09-11 Thread Chris Cowart
bsd wrote:
 I have an sh script that is called by the www process which has a
 shell that defaults to /sbin/nologin

 I have configured the sudoers file with these settings:

 www ALL=(www) NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh

 And It does not seem to be able to execute…

  Sorry, user www is not allowed to execute '/usr/local/bin/postfixadmin-mailbox-postdeletion.sh y...@test.com test.com' as www on newmail.rmm.fr.

 The file I am trying to delete is also owned by a non privileged
 user… ??

The user www is www, so you shouldn't need to sudo to run as that
account. Did you mean to set up the rule for the postfix user? Or a
postfix target account?

That said, I think what you typed should have worked. You shouldn't have
seen www is not allowed to execute ... as www, because your sudoers
file says otherwise.

Assuming your account has full sudo, what do you see if you type:
  $ sudo -u www sudo -l

Hopefully, because of the NOPASSWD in there, you won't have to produce
www's password.

Is your script (postfixadmin-domain-postdeletion.sh) readable and
executable by user www?

Do you have any trailing characters or something on the line with your
sudo rule which might make sudo think you've typed a literal command
with arguments instead of a command that can be run with arbitrary
arguments?

-- 
Chris Cowart
Network Technical Lead
Network  Infrastructure Services, RSSP-IT
UC Berkeley


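
The difference this reply draws between a sudoers command listed on its own and one listed with arguments can be checked mechanically. The following is an added example, not code from the thread or from sudo: `cmnd_check` is a hypothetical helper that models a simplified subset of the sudoers matching rules (exact paths, single spaces, no wildcards), run on the two script names that appear in the thread with placeholder arguments.

```shell
#!/bin/sh
# Simplified model of how a sudoers command spec is compared with a request.
# Assumptions: exact paths only, arguments separated by single spaces, no
# leading/trailing blanks; sudoers wildcards and digests are not modelled.
#
#   spec "/path/cmd"       -> the command may be run with any arguments
#   spec '/path/cmd ""'    -> the command may be run only without arguments
#   spec "/path/cmd a b"   -> the command may be run only with exactly "a b"

# cmnd_check SPEC REQUEST
# Prints the verdict and returns 0 when SPEC permits REQUEST, 1 otherwise.
cmnd_check() {
    spec=$1
    req=$2
    spec_path=${spec%% *}
    req_path=${req%% *}

    # The command path itself has to be identical.
    if [ "$spec_path" != "$req_path" ]; then
        echo "deny: path mismatch"
        return 1
    fi

    # A spec without arguments accepts any argument list.
    if [ "$spec" = "$spec_path" ]; then
        echo "allow: any arguments"
        return 0
    fi

    spec_args=${spec#* }
    req_args=
    if [ "$req" != "$req_path" ]; then
        req_args=${req#* }
    fi

    # A spec of "" accepts only an empty argument list.
    if [ "$spec_args" = '""' ]; then
        if [ -z "$req_args" ]; then
            echo "allow: no arguments"
            return 0
        fi
        echo "deny: argument mismatch"
        return 1
    fi

    # Otherwise the arguments must match exactly.
    if [ "$spec_args" = "$req_args" ]; then
        echo "allow: exact arguments"
        return 0
    fi
    echo "deny: argument mismatch"
    return 1
}

# Constructed inputs: the rule and the two script names are the ones shown in
# the thread; the arguments are placeholders.
RULE='/usr/local/bin/postfixadmin-domain-postdeletion.sh'
for request in \
    '/usr/local/bin/postfixadmin-domain-postdeletion.sh test.com' \
    '/usr/local/bin/postfixadmin-mailbox-postdeletion.sh mailbox@example.invalid test.com'
do
    printf '%s\n  -> %s\n' "$request" "$(cmnd_check "$RULE" "$request" || true)"
done
```

The second request is denied on the path alone: the rule names the domain script while the request names the mailbox script, so the argument list is never consulted.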


Re: 'alias' + sudo

2009-09-04 Thread George Davidovich
On Thu, Sep 03, 2009 at 08:10:36PM -0400, Jerry wrote:
 On Fri, 4 Sep 2009 01:34:05 +0200 Mel Flynn wrote:
 
  alias spico='/usr/local/bin/sudo pico -m' and be done with it.

Instead of an extra alias, why not export $VISUAL or $EDITOR, and rely
on sudoedit(8)?

 That is what I am currently doing; however,there are other commands
 that I want to use that are not available when used via sudo without
 modifying the alias. I did not realize that sudo had such a
 limitation.

It's not a limitation.  It's a feature.  ;-)  Re-read the sudo
manpage.

I'd be surprised if most of your aliases would ever require root
privileges, and are anything but one-off shortcuts for your personal
use.

For those that do, I'd suggest replacing them with a function (or
script) that tests for root privileges (using something like id(1)), and
invokes sudo when appropriate.  

Otherwise, you may want to consider using 'su -m'.  That will leave your
current environment unmodified and all your existing aliases will remain
available for use.

-- 
George


Re: 'alias' + sudo

2009-09-04 Thread Randy Belk
On Fri, Sep 4, 2009 at 10:50 AM, George Davidovich free...@optimis.net wrote:
 On Thu, Sep 03, 2009 at 08:10:36PM -0400, Jerry wrote:
 On Fri, 4 Sep 2009 01:34:05 +0200 Mel Flynn wrote:

  alias spico='/usr/local/bin/sudo pico -m' and be done with it.

 Instead of an extra alias, why not export $VISUAL or $EDITOR, and rely
 on sudoedit(8)?

 That is what I am currently doing; however,there are other commands
 that I want to use that are not available when used via sudo without
 modifying the alias. I did not realize that sudo had such a
 limitation.

 It's not a limitation.  It's a feature.  ;-)  Re-read the sudo
 manpage.

 I'd be surprised if most of your aliases would ever require root
 privileges, and are anything but one-off shortcuts for your personal
 use.

 For those that do, I'd suggest replacing them with a function (or
 script) that tests for root privileges (using something like id(1)), and
 invokes sudo when appropriate.

 Otherwise, you may want to consider using 'su -m'.  That will leave your
 current environment unmodified and all your existing aliases will remain
 available for use.

 --
 George



There is a way for what you are wanting to do.
Make an alias for sudo that looks like this: sudo='sudo -E (Your default shell)'
Since I use zsh my alias looks like this: sudo='sudo -E zsh'
It preserves all of your aliases, paths, and everything else.

-- 
- Amiga, The Computer for the creative Mind!
- UNIX is basically a simple operating system, but you have to be a
genius to understand the simplicity.
- People who hate Microsoft Windows use Linux but people who love UNIX use BSD.


Re: 'alias' + sudo

2009-09-03 Thread Mel Flynn
On Wednesday 02 September 2009 13:26:59 Jerry wrote:
 I have set up several 'alias' definitions in my .bashrc file. They are
 honored when run as either a regular user or as root. However, when I
 prefix a command with 'sudo', the alias is no longer honored. In other
 words, the actual command is run;however, any flags that I was passing
 to it via 'alias' are lost. How can I circumvent this annoyance.

 Example, I often use 'pico' from within 'xterm'. I set up an alias that
 causes pico to use the mouse; i.e., pico -m which works fine as long as
 I do not prefix the command with 'sudo'

alias spico='/usr/local/bin/sudo pico -m' and be done with it.
-- 
Mel


Re: 'alias' + sudo

2009-09-03 Thread Jerry
On Fri, 4 Sep 2009 01:34:05 +0200
Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:

 alias spico='/usr/local/bin/sudo pico -m' and be done with it.

That is what I am currently doing; however,there are other commands
that I want to use that are not available when used via sudo without
modifying the alias. I did not realize that sudo had such a limitation.

-- 
Jerry
ges...@yahoo.com

Recursion is the root of computation
since it trades description for time.


Re: 'alias' + sudo

2009-09-03 Thread Mel Flynn
On Friday 04 September 2009 02:10:36 Jerry wrote:
 On Fri, 4 Sep 2009 01:34:05 +0200

 Mel Flynn mel.flynn+fbsd.questi...@mailing.thruhere.net wrote:
  alias spico='/usr/local/bin/sudo pico -m' and be done with it.

 That is what I am currently doing; however,there are other commands
 that I want to use that are not available when used via sudo without
 modifying the alias. I did not realize that sudo had such a limitation.

It doesn't. alias has the limitation. As far as alias is concerned, a command 
is the first thing on the command line, and for good reason, as you don't want 
it to look further along the command line and attempt to expand everything.

So the shell only changes the command that is really run, when the first word 
matches an alias. Sudo or any app for that matter, never knew it was run 
through an alias.

However, reading through the bash manpage:
   If the last character of the alias value is a blank, then the next
   command word following the alias is also checked for alias expansion.

So:
$ alias sudo='/usr/local/bin/sudo '
$ alias pico='vim --version'
$ sudo pico
VIM - Vi IMproved 7.2 (2008 Aug 9, compiled Jul 21 2009 13:22:46)
Included patches: 1-6, 8-35, 37-48, 50-70, 73, 75-87, 90-92, 94-100, 102-137, 
139-149, 151-171, 173-190, 192-193, 195-203, 206-209

However, be aware of the consequences. If someone compromises your account, 
then setting:
alias ls='/tmp/mkroot'

and you running:
sudo ls

He just got root.
-- 
Mel
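
The risk described at the end of this message can be audited from the alias list itself. The following is an added example, not code from the thread: `audit_aliases` is a hypothetical helper that reads definitions in the form printed by the bash `alias` builtin, and the trusted directory list inside it is an assumption to adjust per system. The sample input is constructed from the aliases quoted in the thread.

```shell
#!/bin/sh
# audit_aliases: read alias definitions on stdin (alias name='value') and report
#   CHAIN name                      value runs sudo and ends in a blank, so the
#                                   word after it is alias-expanded as well
#   UNTRUSTED name target           alias runs a path outside the trusted dirs
#   ROOT-REACHABLE name target via chain
#                                   an UNTRUSTED alias that a CHAIN alias would
#                                   expand and hand to sudo
# Exit status is 1 when at least one ROOT-REACHABLE line is printed.
# Assumption: values contain no embedded single quotes.
audit_aliases() {
    awk -v q="'" '
    {
        line = $0
        sub(/^alias /, "", line)
        eq = index(line, "=")
        if (eq == 0) next
        name  = substr(line, 1, eq - 1)
        value = substr(line, eq + 1)

        # Drop the single quotes the alias builtin prints around the value.
        len = length(value)
        if (len >= 2 && substr(value, 1, 1) == q && substr(value, len, 1) == q)
            value = substr(value, 2, len - 2)

        # First word of the value is the command that actually runs.
        cmd = value
        sub(/^[ \t]+/, "", cmd)
        sub(/[ \t].*$/, "", cmd)

        if (value ~ /[ \t]$/ && (cmd == "sudo" || cmd ~ /\/sudo$/)) {
            chain = name
            print "CHAIN " name
        }

        # Assumed trusted locations; anything else given by path is flagged.
        trusted = (cmd ~ /^\/(bin|sbin|usr\/bin|usr\/sbin|usr\/local\/bin|usr\/local\/sbin)\//)
        if (index(cmd, "/") > 0 && !trusted) {
            n++
            bad_name[n] = name
            bad_cmd[n] = cmd
            print "UNTRUSTED " name " " cmd
        }
    }
    END {
        if (chain != "")
            for (i = 1; i <= n; i++)
                print "ROOT-REACHABLE " bad_name[i] " " bad_cmd[i] " via " chain
        status = (chain != "" && n > 0) ? 1 : 0
        exit status
    }'
}

# Constructed sample: the alias definitions quoted in the thread.
sample_aliases() {
    cat <<'EOF'
alias ls='/tmp/mkroot'
alias pico='vim --version'
alias spico='/usr/local/bin/sudo pico -m'
alias sudo='/usr/local/bin/sudo '
EOF
}

# In an interactive bash session the real input would be:  alias | audit_aliases
sample_aliases | audit_aliases || true
```

Only the `sudo` alias with the trailing blank enables the chain; `spico` hands a fixed command to sudo and is not reported.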


'alias' + sudo

2009-09-02 Thread Jerry
I have set up several 'alias' definitions in my .bashrc file. They are
honored when run as either a regular user or as root. However, when I
prefix a command with 'sudo', the alias is no longer honored. In other
words, the actual command is run;however, any flags that I was passing
to it via 'alias' are lost. How can I circumvent this annoyance.

Example, I often use 'pico' from within 'xterm'. I set up an alias that
causes pico to use the mouse; i.e., pico -m which works fine as long as
I do not prefix the command with 'sudo'

-- 
Jerry
ges...@yahoo.com

I just need enough to tide me over until I need more.

Bill Hoest


Re: 'alias' + sudo

2009-09-02 Thread Tim Judd
On 9/2/09, Jerry ges...@yahoo.com wrote:
 I have set up several 'alias' definitions in my .bashrc file. They are
 honored when run as either a regular user or as root. However, when I
 prefix a command with 'sudo', the alias is no longer honored. In other
 words, the actual command is run;however, any flags that I was passing
 to it via 'alias' are lost. How can I circumvent this annoyance.

 Example, I often use 'pico' from within 'xterm'. I set up an alias that
 causes pico to use the mouse; i.e., pico -m which works fine as long as
 I do not prefix the command with 'sudo'


Because sudo calls the binary, via SUID on sudo.  It doesn't pay
attention to user profiles or rc files (like .bashrc).


I don't use sudo, so I can't recommend past that.

--TJ


Re: 'alias' + sudo

2009-09-02 Thread Jerry
On Wed, 2 Sep 2009 13:06:28 -0600
Tim Judd taj...@gmail.com wrote:

[snip]

 Because sudo calls the binary, via SUID on sudo.  It doesn't pay
 attention to user profiles or rc files (like .bashrc).
 
 
 I don't use sudo, so I can't recommend past that.

In other words, sudo is not compatible with the bash 'alias' feature.
Is that correct? I Googled and found several references to sudo and
alias; however, no consensus on how to circumvent the problem.


-- 
Jerry
ges...@yahoo.com



Re: 'alias' + sudo

2009-09-02 Thread Dan Nelson
In the last episode (Sep 02), Jerry said:
 On Wed, 2 Sep 2009 13:06:28 -0600
 Tim Judd taj...@gmail.com wrote:
  Because sudo calls the binary, via SUID on sudo.  It doesn't pay
  attention to user profiles or rc files (like .bashrc).
  
  I don't use sudo, so I can't recommend past that.
 
 In other words, sudo is not compatible with the bash 'alias' feature.  Is
 that correct?  I Googled and found several references to sudo and alias;
 however, no consensus on how to circumvent the problem.

sudo does not run root's shell at all; it directly runs whatever is given it
on the commandline.  Workarounds include creating an alias that includes
sudo in it (alias rootpicom='sudo pico -m'), or creating a shell script that
runs what your alias would have, so you can run sudo picom:

/usr/local/bin/picom
  #! /bin/sh
  # Pass every argument through to pico unchanged, keeping embedded spaces.
  pico -m "$@"

-- 
Dan Nelson
dnel...@allantgroup.com


Re: 'alias' + sudo

2009-09-02 Thread Polytropon
On Wed, 2 Sep 2009 15:06:48 -0500, Dan Nelson dnel...@allantgroup.com wrote:
 sudo does not run root's shell at all; it directly runs whatever is given it
 on the commandline.

Another idea would to be to call sudo with the desired shell as
argument (in order to inherit the aliases), followed by a command
as argument to the shell (in order to execute a particular command),
something like

% sudo bash -c my_command_alias

It may be possible that bash requires an additional argument to tell
it to read ~/.bashrc when invoked in a non-interactive manner.

Keep in mind that I haven't tried this solution because I don't
use bash on a regular basis.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: weird permissions on directories when installing ports through sudo

2009-02-25 Thread Eric Schuele
On 02/19/2009 15:56, Aleksandr Miroslav wrote:
 For the longest time, I have installed ports via the sudo make install or
 sudo portupgrade or sudo portinstall method and never had a problem.

This seems to have jumped up and bitten me on the arse as well.  I
believe the problem lies herein:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/sudo/distinfo?rev=1.61

It appears that sudo has been changed following a security issue.  I use
a more restrictive umask than the default.  I suspect you do as well.
The sudo change now implements a union of umasks, therefore never
lowering the umask of the person running sudo.

This had the effect of truly screwing up many installed ports for me (I
do the same as you `sudo portupgrade`).  I'm not blaming the fix... just
whining about it.

The fix for me was to deinstall and reinstall any problem ports using
root himself.

I suspect though you could fix it other ways by fiddling with your
umask, and/or altering the sudo config files.

 
 
 Recently, as of a few weeks ago, I started noticing that ports that were
 installed or upgraded were getting the wrong permissions. Not only were
 directories getting permissions of 700 (whereas previously they had been
 755), but the directories /usr/local and entries in /var/db/pkg were getting
 permissions of 700.
 
 This is causing a lot of things to break, and I have to manually go in and
 make everything public for it to work again.
 
 This only happens when I build ports via sudo. If I am root and I run make
 install, everything works fine.

yeah.  Me too. :)

 
 I haven't changed anything recently either in sudo, or my umask.
 
 What can I do to fix this?
 
 


-- 
Regards,
Eric




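
The effect described in this message, a union of the invoking user's umask and root's, can be reproduced without sudo. The following is an added example, not code from the thread or from sudo: the helper names are hypothetical, and the masks 077 (restrictive user) and 022 (root default) are assumptions chosen to match the 700 versus 755 directory modes reported in the thread.

```shell
#!/bin/sh
# union_umask A B: print the mask in which every bit set in A or B is set,
# i.e. the result can only be as restrictive as, or more than, either input.
union_umask() {
    printf '%04o\n' "$(( 0$1 | 0$2 ))"
}

# install_tree MASK PREFIX: stand-in for a port's install step, creating a
# directory tree and one file under PREFIX with umask MASK in effect.
install_tree() {
    ( umask "$1" && mkdir -p "$2/share/doc" && : > "$2/share/doc/README" )
}

# closed_paths PREFIX: list directories that other users cannot enter or list
# and files that other users cannot read.
closed_paths() {
    {
        find "$1" -type d ! -perm -005
        find "$1" -type f ! -perm -004
    } | sort
}

demo() {
    work=$(mktemp -d) || return 1
    user_mask=077      # assumed restrictive mask of the invoking user
    root_mask=022      # assumed mask root would normally install with

    effective=$(union_umask "$user_mask" "$root_mask")
    echo "mask in effect under sudo: $effective"

    install_tree "$effective" "$work/via-sudo"   # what the union produces
    install_tree "$root_mask" "$work/as-root"    # what a root shell produces

    echo "paths other users cannot use (via sudo):"
    closed_paths "$work/via-sudo" | sed 's/^/  /'
    echo "paths other users cannot use (as root):"
    closed_paths "$work/as-root" | sed 's/^/  /'

    rm -rf "$work"
}

demo
```

Running `closed_paths` against a real prefix such as /usr/local lists the directories and files that need their permissions reviewed after an install done under the restrictive mask.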


Re: weird permissions on directories when installing ports through sudo

2009-02-25 Thread Brian A. Seklecki

 lowering the umask of the person running sudo.
 
 This had the effect of truly screwing up many installed ports for me 

Maybe try sudo -H -u root [command]   NetBSD Pkgsrc is nice in this
respect because it has sudo(8) integration in the MKs. ~BAS




Re: weird permissions on directories when installing ports through sudo

2009-02-25 Thread Eric Schuele
On 02/25/2009 11:49, Brian A. Seklecki wrote:
 lowering the umask of the person running sudo.

 This had the effect of truly screwing up many installed ports for me 
 
 Maybe try sudo -H -u root [command]   NetBSD Pkgsrc is nice in this
 respect because it has sudo(8) integration in the MKs. ~BAS

I didn't think this would do much, but gave it a try anyway
And it doesn't help.  :/

The following command prior to the change resulted in root's umask being
displayed:
  sudo -H -u root umask

Whereas after the change in sudo I mentioned, the union of mine and
root's is presented.

I looked at the security issue mentioned in the commit log, and I'm not
sure this change was required in order to fix it.

Anyone have thoughts on why this change was made?  I'd argue POLA was
broken here.  But I don't keep up with sudo developments (aside from
using it).

-- 
Regards,
Eric






Re: weird permissions on directories when installing ports through sudo

2009-02-25 Thread Brian A. Seklecki

 I didn't think this would do much, but gave it a try anyway
 And it doesn't help.  :/

I think I meant '-i' -- but I'd have to look at the patch's interaction.

I can't recreate the problem in the 1.6.x we're running in our internal
release engineering.

1.7.x, and its associated backport, created the local brouhaha with
groups credential crashing.  Perhaps next time a -dev extension of the
port should roll for a few months (6-9), especially given the history of
sudo releng.

~BAS






sudo, LDAP, and Kerberos

2008-11-07 Thread Darek M.
I'm setting up a centralized Kerberos/LDAP authentication system and 
trying to get sudo to use a) Kerberos for the password, and b) LDAP for 
a non-local user's group.


Locally on a client system /etc/sudoers specifies %sysadmin to be able 
to sudo to root.  I don't need to move sudoers to LDAP just yet.


I've had success on some machines compiling sudo from source with 
--enable-kerb5 and --enable-ldap.  But on many other systems sudo 
segfaults, or returns bus errors, and overall gave me nothing but grief.


So I'm looking for alternate ways of supplying sudo with a user's 
group.  Is it possible to compile sudo (without kerberos and ldap 
support) and configure a pam.d file (/etc/pam.d/sudo) to interact with 
kerberos and LDAP?  I created a sudo file with


auth    sufficient  pam_opie.so         no_warn no_fake_prompts
auth    requisite   pam_opieaccess.so   no_warn allow_local
auth    sufficient  pam_krb5.so         warn try_first_pass
...

and running sudo (compiled with only a ./configure, no other options) as 
a non-local user I successfully authenticate, but then sudo has no idea 
of the group this user belongs to and says not in the sudoers file.  
Is it possible to use PAM as a go-between for sudo and the remote LDAP 
system to provide sudo with the user's group info?


How has everyone else set up a central auth system?  Seems to me sudo's 
configure script has some flaws and I don't want to rely on it.  Maybe 
there's a better way, but aside from sudo acting up, the above would be 
a fine set up for me.


Any pointers appreciated.
- Darek


sudo multiple commands at once without shell script

2008-10-25 Thread Kelly Jones
How do I run multiple sudo commands at once? This fails because the
semicolon ends the whole sudo command:

 sudo whoami; whoami
root
user

This confuses tcsh:

monica:~ sudo ( whoami ; whoami )
Badly placed ()'s.

I could obviously write a shell script or something or do:

 sudo whoami; sudo whoami

but is there a better way?

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.


Re: sudo multiple commands at once without shell script

2008-10-25 Thread perryh
 How do I run multiple sudo commands at once? This fails
 because the semicolon ends the whole sudo command:

  sudo whoami; whoami
 root
 user

 This confuses tcsh:

 monica:~ sudo ( whoami ; whoami )
 Badly placed ()'s.

Supposing sudo spawns a shell, something like

  ~ sudo whoami \; whoami

or

  ~ sudo "whoami; whoami"

should work.  If not, maybe try explicitly running a shell:

  ~ sudo sh -c "whoami; whoami"


Re: sudo multiple commands at once without shell script

2008-10-25 Thread Tom Marchand

This works for me:

sudo sh -c "whoami;whoami"



On Oct 25, 2008, at 9:11 PM, Kelly Jones wrote:


How do I run multiple sudo commands at once? This fails because the
semicolon ends the whole sudo command:


sudo whoami; whoami

root
user

This confuses tcsh:

monica:~ sudo ( whoami ; whoami )
Badly placed ()'s.

I could obviously write a shell script or something or do:


sudo whoami; sudo whoami


but is there a better way?

--  
We're just a Bunch Of Regular Guys, a collective group that's trying

to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.


Sudo,pam,and winbindd issue

2008-08-20 Thread David Wassman
All,
 
I am having a weird problem with sudo on a FreeBSD 7 system that is
joined to AD domain through Samba. When I sudo a command, when prompted
for a password, any password including a blank one works. Obviously a
security issue. 
 
Here are the config files:
 
/usr/local/etc/sudoers
 
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
 
/etc/pam.d/sudo
auth    sufficient  pam_winbind.so
 
/etc/nsswitch.conf
group: files winbind
passwd: files winbind
hosts: dns files
 
Any ideas?
 

David Wassman, MCSA MCP Net+ Security+
IT Network Administrator
Davis, Monk & Company
(800) 344-5034
(352) 372-6300
(352) 375-1583 FAX



Re: cutecom requires sudo to work, but minicom works without - permissions?

2008-04-20 Thread Vincent Barus
On Thu, Apr 17, 2008 at 1:50 PM, Ruben de Groot [EMAIL PROTECTED] wrote:
 On Tue, Apr 15, 2008 at 09:11:33AM -0500, Derek Ragona typed:

  At 07:39 PM 4/14/2008, Steve Franks wrote:
   I have two terminal programs - cutecom and minicom, both built from
   ports with no tweaks.   Minicom will fire up and hit the serial port
   just fine, but cutecom can't open it except with sudo.  I tried
   tweaking devfs.conf (as well as a straight chmod on /dev/cuad0), and
   it doesn't seem to rectify the problem.  I've also got several linux
   ports that hit usb devices via libusb that won't connect without sudo
   - obviously, I'd like not to have to run user-type apps with sudo on
   my system
   
   Thanks,
   Steve
  
   You may want to try chown the device as well as chmod'ing it.  If this
   works you will likely need a script to reset these settings on reboot.  You
   can add a cron job under root to do this @reboot.

  A more convenient option is putting the user who starts whatever terminal
  program into the dialers group

  Ruben





Or use devfs.conf(5), devfs.rules(5) if you don't like the dialers group.

-- 

~ vb


Re: cutecom requires sudo to work, but minicom works without - permissions?

2008-04-17 Thread Ruben de Groot
On Tue, Apr 15, 2008 at 09:11:33AM -0500, Derek Ragona typed:
 At 07:39 PM 4/14/2008, Steve Franks wrote:
 I have two terminal programs - cutecom and minicom, both built from
 ports with no tweaks.   Minicom will fire up and hit the serial port
 just fine, but cutecom can't open it except with sudo.  I tried
 tweaking devfs.conf (as well as a straight chmod on /dev/cuad0), and
 it doesn't seem to rectify the problem.  I've also got several linux
 ports that hit usb devices via libusb that won't connect without sudo
 - obviously, I'd like not to have to run user-type apps with sudo on
 my system
 
 Thanks,
 Steve
 
 You may want to try chown the device as well as chmod'ing it.  If this 
 works you will likely need a script to reset these settings on reboot.  You 
 can add a cron job under root to do this @reboot.

A more convenient option is putting the user who starts whatever terminal
program into the dialers group

Ruben



Re: cutecom requires sudo to work, but minicom works without - permissions?

2008-04-15 Thread Derek Ragona

At 07:39 PM 4/14/2008, Steve Franks wrote:

I have two terminal programs - cutecom and minicom, both built from
ports with no tweaks.   Minicom will fire up and hit the serial port
just fine, but cutecom can't open it except with sudo.  I tried
tweaking devfs.conf (as well as a straight chmod on /dev/cuad0), and
it doesn't seem to rectify the problem.  I've also got several linux
ports that hit usb devices via libusb that won't connect without sudo
- obviously, I'd like not to have to run user-type apps with sudo on
my system

Thanks,
Steve


You may want to try chown the device as well as chmod'ing it.  If this 
works you will likely need a script to reset these settings on reboot.  You 
can add a cron job under root to do this @reboot.


-Derek



cutecom requires sudo to work, but minicom works without - permissions?

2008-04-14 Thread Steve Franks
I have two terminal programs - cutecom and minicom, both built from
ports with no tweaks.   Minicom will fire up and hit the serial port
just fine, but cutecom can't open it except with sudo.  I tried
tweaking devfs.conf (as well as a straight chmod on /dev/cuad0), and
it doesn't seem to rectify the problem.  I've also got several linux
ports that hit usb devices via libusb that won't connect without sudo
- obviously, I'd like not to have to run user-type apps with sudo on
my system

Thanks,
Steve


Sudo Commands on New 6.2 System Cause Last Login Message.

2008-04-03 Thread Martin McCormick
I noticed that every sudo command I issue is accompanied
by a Last login message.

25testokcns root $ls .hushlogin
ls: .hushlogin: No such file or directory
26testokcns root $sudo touch .hushlogin
Last login: Thu Apr  3 11:38:24 from testokcns.osuokc
27testokcns root $sudo date
Last login: Thu Apr  3 11:41:10 from testokcns.osuokc
Thu Apr  3 11:41:17 CDT 2008

I was trying to see if a .hushlogin file in /root might snuff
out the messages, but it had no effect.

The commands always work but I would rather not get that message
each time. Am I missing something obvious?

Thanks.


Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Network Operations Group


Re: Sudo Commands on New 6.2 System Cause Last Login Message.

2008-04-03 Thread Steven Friedrich
On Thursday 03 April 2008 01:06:37 pm Martin McCormick wrote:
   I noticed that every sudo command I issue is accompanied
 by a Last login message.

 25testokcns root $ls .hushlogin
 ls: .hushlogin: No such file or directory
 26testokcns root $sudo touch .hushlogin
 Last login: Thu Apr  3 11:38:24 from testokcns.osuokc
 27testokcns root $sudo date
 Last login: Thu Apr  3 11:41:10 from testokcns.osuokc
 Thu Apr  3 11:41:17 CDT 2008

 I was trying to see if a .hushlogin file in /root might snuff
 out the messages, but it had no effect.

 The commands always work but I would rather not get that message
 each time. Am I missing something obvious?

   Thanks.


 Martin McCormick WB5AGZ  Stillwater, OK
 Systems Engineer
 OSU Information Technology Department Network Operations Group

Well, it IS odd that you're using sudo when logged in as root 8o)
Did you edit /usr/local/etc/sudoers ?
I tried your commands here and I don't get the Last login message.
I'm currently running 7.0-RELEASE, but this machine was originally installed 
way back during 5.x days and I installed sudo way back then.
In sudoers, do you have root ALL=(ALL) ALL ?


Re: Sudo Commands on New 6.2 System Cause Last Login Message.

2008-04-03 Thread Martin McCormick
Steven Friedrich writes:
 26testokcns root $sudo touch .hushlogin
Well, it IS odd that you're using sudo when logged in as root 8o)

I was cd'd to the /root directory, but was logged in as
me. It kind of got me there for a second, but notice the $ in
the prompt.

Interestingly enough, sudo -v doesn't cause this
message.

Did you edit /usr/local/etc/sudoers ?
I tried your commands here and I don't get the Last login message.

I am not getting it on most other FreeBSD systems except
the newest 2 systems I just finished updating in the last couple
of days.

In sudoers, do you have root ALL=(ALL) ALL ?

Yes. That's where I added all of the users who can sudo. I even
copied it out of another sudoers file so as not to miss anybody.

The FreeBSD version I am using is
FreeBSD 6.2-RELEASE-p11

Interestingly, the system I am on right this minute is the same
version and does not exhibit this behavior.

Martin McCormick


Re: Sudo Commands on New 6.2 System Cause Last Login Message.

2008-04-03 Thread David Robillard
 The commands always work but I would rather not get that message
 each time. Am I missing something obvious?

A quick google search will show you that it's the
${LOCALBASE}/etc/pam.d/sudo file which is the root of your problem.
It's pam_lastlog(8) which makes the message.  If you don't need it,
comment out the...

session include system

... line in ${LOCALBASE}/etc/pam.d/sudo to get rid of this behavior.

Cheers,

David
-- 
David Robillard
UNIX systems administrator  Oracle DBA
CISSP, RHCE  Sun Certified Security Administrator
Montreal: +1 514 966 0122


Re: Sudo Commands on New 6.2 System Cause Last Login Message.

2008-04-03 Thread Tom McLaughlin

On Thu, 2008-04-03 at 12:06 -0500, Martin McCormick wrote:
   I noticed that every sudo command I issue is accompanied
 by a Last login message.
 
 25testokcns root $ls .hushlogin
 ls: .hushlogin: No such file or directory
 26testokcns root $sudo touch .hushlogin
 Last login: Thu Apr  3 11:38:24 from testokcns.osuokc
 27testokcns root $sudo date
 Last login: Thu Apr  3 11:41:10 from testokcns.osuokc
 Thu Apr  3 11:41:17 CDT 2008
 
 I was trying to see if a .hushlogin file in /root might snuff
 out the messages, but it had no effect.
 
 The commands always work but I would rather not get that message
 each time. Am I missing something obvious?
 
   Thanks.

Make sure you have the latest version of the sudo port.  This issue
where pam_lastlog was being called because the system pam.d file was
included in the session section of sudo's pam file was fixed.

tom

-- 
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD   http://www.FreeBSD.org |



how to write the standard output to an unwritable with sudo?

2008-03-29 Thread lveax
$ whoami
v


$ ll a
-rw-r--r--  1 root  v  0 Mar 30 10:02 a

$ sudo cat > a
a: Permission denied.


Re: how to write the standard output to an unwritable with sudo?

2008-03-29 Thread Giorgos Keramidas
On Sun, 30 Mar 2008 10:13:02 +0800, lveax [EMAIL PROTECTED] wrote:
 $ whoami
 v

 $ ll a
 -rw-r--r--  1 root  v  0 Mar 30 10:02 a

 $ sudo cat > a
 a: Permission denied.

You have to redirect output 'within' sudo, so try using:

sudo sh -c 'cat > unwritable'



sudo mkextcache?

2008-03-23 Thread Jeffrey Ellis
Hi--

I'm trying to make a bootable clone of my startup drive, and read Mike
Bombich's instructions on how to do this.

He includes the following line as the last step in the process:

Finally, recreate the kernel extension cache for the CD:

sudo mkextcache -t ppc -d \
/Volumes/Rescue/System/Library/Extensions \
-o /Volumes/Rescue2/System/Library/Extensions.mkext

That doesn't look like a command to me. Anyone know what he's trying to do
here?

Thanks :)


Re: sudo mkextcache?

2008-03-23 Thread Tim Judd

Jeffrey Ellis wrote:

Hi--

I'm trying to make a bootable clone of my startup drive, and read Mike
Bombich's instructions on how to do this.

He includes the following line as the last step in the process:

Finally, recreate the kernel extension cache for the CD:

sudo mkextcache -t ppc -d \
/Volumes/Rescue/System/Library/Extensions \
-o /Volumes/Rescue2/System/Library/Extensions.mkext

That doesn't look like a command to me. Anyone know what he's trying to do
here?

Thanks :)
  

/Volumes looks like a OSX layout.

posting the URI might help others looking too.

--Tim


Re: firefox only runs with 'sudo'

2008-02-01 Thread Bill Moran
In response to Steve Franks [EMAIL PROTECTED]:

 Don't get it.  I installed firefox from the package at
 ftp4.us.freebsd.org like always (so I thought) but if I run 'firefox',
 I get a prompt back, and no firefox, but if I run it as sudo, it comes
 up fine.  Where should I start fixing permissions at, do you think?

I'm going to guess that your ~/.mozilla directory has incorrect ownership.

-- 
Bill Moran
http://www.potentialtech.com


firefox only runs with 'sudo'

2008-02-01 Thread Steve Franks
Don't get it.  I installed firefox from the package at
ftp4.us.freebsd.org like always (so I thought) but if I run 'firefox',
I get a prompt back, and no firefox, but if I run it as sudo, it comes
up fine.  Where should I start fixing permissions at, do you think?

Steve


Re: sudo never asks me for a password

2007-12-03 Thread Tom McLaughlin
On Fri, 2007-11-23 at 20:01 -0800, Kamil Kisiel wrote:
 On Nov 23, 2007 7:31 PM, Kamil Kisiel [EMAIL PROTECTED] wrote:
  On Nov 23, 2007 7:16 PM, Christopher Cowart
 
  [EMAIL PROTECTED] wrote:
   On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote:
 On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
  For some reason, on this particular FreeBSD machine, sudo never asks
  me for a password, even if I haven't logged in for days.
 
  I've been struggling with this problem for some time but still 
  haven't
  been able to find a solution. Any ideas?

 Maybe something is misconfigured in your pam stack? Check
 /etc/pam.d/sudo.
   
/etc/pam.d/sudo looks like this:
   
#
# $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
#
# PAM configuration for the su service
#
   
# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so
  
   This looks like it was copied verbatim from su.
  
   I suspect the pam_self.so is causing problems. Sudo authenticates the
   user for their current account, not the target account. That line will
   cause authentication to short-circuit on a UID match w/o any need to
   provide a password. Try commenting it out.
  
   --
  
   Chris Cowart
   Lead Systems Administrator
   Network  Infrastructure Services, RSSP-IT
   UC Berkeley
  
 
  Thanks Christopher,
 
  That's exactly the problem. Seems the previous administrator of this
  machine made /etc/pam.d/sudo a link to /etc/pam.d/su and left it
  configured as is. Somehow I never caught on to that.
 
  --
  Kamil
 
 
 Alright, maybe my impression of success was slightly premature. It
 seems that the problem now is that sudo doesn't like the pam_unix.so
 module for whatever reason. If I use the default sudo pam file, which
 simply includes all settings from /etc/pam.d/system it gives me an
 error like the following:
 
 sudo: pam_authenticate: conversation failure

What version of sudo are you using?  This is the pam file from the
latest version of the port:

#
# $Id$
#
# PAM configuration for the sudo service
#

# auth
auth            include         system

# account
account         include         system

# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
session         required        pam_permit.so

# password
password        include         system

 
-- 
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD   http://www.FreeBSD.org |



Re: sudo never asks me for a password

2007-11-23 Thread Andy Harrison



On 11/23/07, Kamil Kisiel  wrote:
 For some reason, on this particular FreeBSD machine, sudo never asks
 me for a password, even if I haven't logged in for days. I tried
 running sudo -k, sudo -K before trying it. I've even tried manually
 removing /var/run/sudo.


I would check out the compile time options...  'sudo sudo -V' if you
aren't already root.

--
Andy Harrison
public key: 0x67518262


Re: sudo never asks me for a password

2007-11-23 Thread Christopher Cowart
On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
 For some reason, on this particular FreeBSD machine, sudo never asks
 me for a password, even if I haven't logged in for days.
 
 I've been struggling with this problem for some time but still haven't
 been able to find a solution. Any ideas?

Maybe something is misconfigured in your pam stack? Check
/etc/pam.d/sudo.

-- 
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley




Re: sudo never asks me for a password

2007-11-23 Thread Christopher Cowart
On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
 On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote:
  On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
   For some reason, on this particular FreeBSD machine, sudo never asks
   me for a password, even if I haven't logged in for days.
  
   I've been struggling with this problem for some time but still haven't
   been able to find a solution. Any ideas?
 
  Maybe something is misconfigured in your pam stack? Check
  /etc/pam.d/sudo.
 
 /etc/pam.d/sudo looks like this:
 
 #
 # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
 #
 # PAM configuration for the su service
 #
 
 # auth
 auth            sufficient      pam_rootok.so           no_warn
 auth            sufficient      pam_self.so             no_warn
 auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe
 auth            include         system
 
 # account
 account         include         system
 
 # session
 session         required        pam_permit.so

This looks like it was copied verbatim from su.

I suspect the pam_self.so is causing problems. Sudo authenticates the 
user for their current account, not the target account. That line will 
cause authentication to short-circuit on a UID match w/o any need to 
provide a password. Try commenting it out.

-- 
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley




Re: sudo never asks me for a password

2007-11-23 Thread Kamil Kisiel
On Nov 23, 2007 7:31 PM, Kamil Kisiel [EMAIL PROTECTED] wrote:
 On Nov 23, 2007 7:16 PM, Christopher Cowart

 [EMAIL PROTECTED] wrote:
  On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
   On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote:
On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
 For some reason, on this particular FreeBSD machine, sudo never asks
 me for a password, even if I haven't logged in for days.

 I've been struggling with this problem for some time but still haven't
 been able to find a solution. Any ideas?
   
Maybe something is misconfigured in your pam stack? Check
/etc/pam.d/sudo.
  
   /etc/pam.d/sudo looks like this:
  
   #
   # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
   #
   # PAM configuration for the su service
   #
  
   # auth
   auth            sufficient      pam_rootok.so           no_warn
   auth            sufficient      pam_self.so             no_warn
   auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe
   auth            include         system
  
   # account
   account         include         system
  
   # session
   session         required        pam_permit.so
 
  This looks like it was copied verbatim from su.
 
  I suspect the pam_self.so is causing problems. Sudo authenticates the
  user for their current account, not the target account. That line will
  cause authentication to short-circuit on a UID match w/o any need to
  provide a password. Try commenting it out.
 
  --
 
  Chris Cowart
  Lead Systems Administrator
  Network  Infrastructure Services, RSSP-IT
  UC Berkeley
 

 Thanks Christopher,

 That's exactly the problem. Seems the previous administrator of this
 machine made /etc/pam.d/sudo a link to /etc/pam.d/su and left it
 configured as is. Somehow I never caught on to that.

 --
 Kamil


Alright, maybe my impression of success was slightly premature. It
seems that the problem now is that sudo doesn't like the pam_unix.so
module for whatever reason. If I use the default sudo pam file, which
simply includes all settings from /etc/pam.d/system it gives me an
error like the following:

sudo: pam_authenticate: conversation failure

-- 
Kamil


Re: sudo never asks me for a password

2007-11-23 Thread Christopher Cowart
On Fri, Nov 23, 2007 at 08:01:23PM -0800, Kamil Kisiel wrote:
 Alright, maybe my impression of success was slightly premature. It
 seems that the problem now is that sudo doesn't like the pam_unix.so
 module for whatever reason. If I use the default sudo pam file, which
 simply includes all settings from /etc/pam.d/system it gives me an
 error like the following:
 
 sudo: pam_authenticate: conversation failure

My /etc/pam.d/sudo file looks like:
auth    include system
account include system
session include system

I recommend you add the debug option to modules and watch the log files
for more specific error messages.

-- 
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley




Re: sudo never asks me for a password

2007-11-23 Thread Kamil Kisiel
On Nov 23, 2007 7:16 PM, Christopher Cowart
[EMAIL PROTECTED] wrote:
 On Fri, Nov 23, 2007 at 07:09:36PM -0800, Kamil Kisiel wrote:
  On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote:
   On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
For some reason, on this particular FreeBSD machine, sudo never asks
me for a password, even if I haven't logged in for days.
   
I've been struggling with this problem for some time but still haven't
been able to find a solution. Any ideas?
  
   Maybe something is misconfigured in your pam stack? Check
   /etc/pam.d/sudo.
 
  /etc/pam.d/sudo looks like this:
 
  #
  # $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
  #
  # PAM configuration for the su service
  #
 
  # auth
  auth            sufficient      pam_rootok.so           no_warn
  auth            sufficient      pam_self.so             no_warn
  auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe
  auth            include         system
 
  # account
  account         include         system
 
  # session
  session         required        pam_permit.so

 This looks like it was copied verbatim from su.

 I suspect the pam_self.so is causing problems. Sudo authenticates the
 user for their current account, not the target account. That line will
 cause authentication to short-circuit on a UID match w/o any need to
 provide a password. Try commenting it out.

 --

 Chris Cowart
 Lead Systems Administrator
 Network  Infrastructure Services, RSSP-IT
 UC Berkeley


Thanks Christopher,

That's exactly the problem. Seems the previous administrator of this
machine made /etc/pam.d/sudo a link to /etc/pam.d/su and left it
configured as is. Somehow I never caught on to that.

-- 
Kamil


sudo never asks me for a password

2007-11-23 Thread Kamil Kisiel
For some reason, on this particular FreeBSD machine, sudo never asks
me for a password, even if I haven't logged in for days. I tried
running sudo -k, sudo -K before trying it. I've even tried manually
removing /var/run/sudo.

When I run sudo -l, I get:

User kamil may run the following commands on this host:
(ALL) ALL

The contents of my /usr/local/etc/sudoers file is:
Defaults authenticate
root    ALL=(ALL) ALL
%sysops ALL=(ALL) ALL

I've been struggling with this problem for some time but still haven't
been able to find a solution. Any ideas?

-- 
Kamil


Re: sudo never asks me for a password

2007-11-23 Thread Kamil Kisiel
On 11/23/07, Christopher Cowart [EMAIL PROTECTED] wrote:
 On Fri, Nov 23, 2007 at 03:43:39PM -0800, Kamil Kisiel wrote:
  For some reason, on this particular FreeBSD machine, sudo never asks
  me for a password, even if I haven't logged in for days.
 
  I've been struggling with this problem for some time but still haven't
  been able to find a solution. Any ideas?

 Maybe something is misconfigured in your pam stack? Check
 /etc/pam.d/sudo.

 --
 Chris Cowart
 Lead Systems Administrator
 Network  Infrastructure Services, RSSP-IT
 UC Berkeley


Hi Christopher,


/etc/pam.d/sudo looks like this:

#
# $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
#
# PAM configuration for the su service
#

# auth
auth            sufficient      pam_rootok.so           no_warn
auth            sufficient      pam_self.so             no_warn
auth            requisite       pam_group.so            no_warn group=wheel root_only fail_safe
auth            include         system

# account
account         include         system

# session
session         required        pam_permit.so


-- 
Kamil


Re: sudo doesn't log anything

2007-10-10 Thread Nicolas Letellier

Pieter de Goeje a écrit :
Sudo by default logs with facility 'local2' and priority 'notice'. Neither one 
is specified in your syslog.conf.
  

Yes, it fixes my problem!

Thanks very much!

Nicolas


--
Nicolas Letellier, administrateur systèmes

Site personnel : http://nicoelro.net
Curriculum-vitae : http://nletellier.info




Re: sudo doesn't log anything

2007-10-10 Thread Brian A. Seklecki



On Wed, 2007-10-10 at 18:38 +0200, Nicolas Letellier wrote:
 Pieter de Goeje a écrit :
  Sudo by default logs with facility 'local2' and priority 'notice'. Neither
  one is specified in your syslog.conf.


To set the facility in sudoers(5):

   Defaults syslog=auth

Or local0-7 if you have a lot of action.

~BAS

 Yes, it fixes my problem!
 
 Thanks very much!
 
 Nicolas
 




Re: sudo doesn't log anything

2007-10-10 Thread [EMAIL PROTECTED]
On Tuesday 09 October 2007,
 Pieter de Goeje [EMAIL PROTECTED] wrote: (among other verbiage)
 It logs it's (sic) messages in /var/log/messages.
Is this mentioned in the man page?  If not, it should be!


sudo doesn't log anything

2007-10-09 Thread Nicolas Letellier

Hello,

On my FreeBSD 6.2 system, I use sudo for a user.
However, I want to know who has used sudo on my machine. But sudo doesn't
log anything. I have nothing about sudo in /var/log...


Syslog logs auth.* to /var/log/auth, but nothing about sudo...

What's the problem ? Any ideas ?

Thanks !

Nicolas

--
Nicolas Letellier, administrateur systèmes

Site personnel : http://nicoelro.net
Curriculum-vitae : http://nletellier.info




Re: sudo doesn't log anything

2007-10-09 Thread Pieter de Goeje
On Tuesday 09 October 2007, Nicolas Letellier wrote:
 Hello,

 On my FreeBSD 6.2 system, I use sudo for a user.
 However, I want to know who has used sudo on my machine. But sudo doesn't
 log anything. I have nothing about sudo in /var/log...

 Syslog logs auth.* to /var/log/auth, but nothing about sudo...

It logs it's messages in /var/log/messages.

 What's the problem ? Any ideas ?

 Thanks !
No Problemo :)

 Nicolas

Pieter de Goeje


Re: sudo doesn't log anything

2007-10-09 Thread Nicolas Letellier

Hello,

Thanks for your response.
No, there is nothing about sudo in /var/log/messages (or in any other
file in /var/log).

But I modified my /etc/syslog.conf. Could the problem be this file?
I put my file on pastebin: http://pastebin.com/m35ceae32

What's the problem with logging sudo information?

Thanks !

Nicolas


Pieter de Goeje a écrit :

On Tuesday 09 October 2007, Nicolas Letellier wrote:
  

Hello,

On my FreeBSD 6.2 system, I use sudo for a user.
However, I want to know who has used sudo on my machine. But sudo doesn't
log anything. I have nothing about sudo in /var/log...

Syslog logs auth.* to /var/log/auth, but nothing about sudo...



It logs it's messages in /var/log/messages.
  

What's the problem ? Any ideas ?

Thanks !


No Problemo :)
  

Nicolas



Pieter de Goeje
  



--
Nicolas Letellier, systems administrator

Personal site: http://nicoelro.net
Curriculum vitae: http://nletellier.info




Re: sudo doesn't log anything

2007-10-09 Thread Pieter de Goeje
On Tuesday 09 October 2007, Nicolas Letellier wrote:
 Hello,

 Thanks for your response.
 No, there is nothing about sudo in /var/log/messages (in anyone else
 file in /var/log).
 But i modified my /etc/syslog.conf. The problem could is this file ?
 I pastebin my file : http://pastebin.com/m35ceae32

 What's the problem to log sudo informations ?
Sudo by default logs with facility 'local2' and priority 'notice'. Neither one 
is specified in your syslog.conf.

 Thanks !

 Nicolas
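
Following the reply above, a syslog.conf needs a selector covering local2.notice before sudo's messages land anywhere. As an added example (not from the thread), this shell function reads a syslog.conf and lists the actions that would receive a given facility and priority; the name `syslog_targets`, the sample file and `/var/log/sudo.log` are constructed for illustration, and only the common selector forms are interpreted.

```shell
#!/bin/sh
# syslog_targets FILE FACILITY PRIORITY
# Print the action (log file, host, ...) of every syslog.conf line whose
# selectors accept a message with that facility and priority.
# Interpreted: fac.level, fac1,fac2.level, *.level, fac.*, fac.=level,
# fac.none and ';'-separated selector lists (later selectors override
# earlier ones). Not interpreted: !program and +host blocks and the
# FreeBSD comparison flags other than '='.
syslog_targets() {
    awk -v fac="$2" -v pri="$3" '
    BEGIN {
        n = split("debug info notice warning err crit alert emerg", name, " ")
        for (i = 1; i <= n; i++) rank[name[i]] = i
        rank["warn"] = rank["warning"]
        rank["error"] = rank["err"]
        rank["panic"] = rank["emerg"]
        if (!(pri in rank)) {
            print "unknown priority: " pri > "/dev/stderr"
            exit 2
        }
    }
    /^[ \t]*(#|$)/ { next }    # comments and blank lines
    /^[!+-]/       { next }    # program/host block headers
    {
        # Everything after the selector field is the action.
        action = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", action)
        hit = 0
        ns = split($1, sel, ";")
        for (s = 1; s <= ns; s++) {
            if (split(sel[s], part, "[.]") != 2) continue
            applies = 0
            nf = split(part[1], f, ",")
            for (k = 1; k <= nf; k++)
                if (f[k] == "*" || f[k] == fac) applies = 1
            if (!applies) continue
            lvl = part[2]
            if (lvl == "none") {
                hit = 0
            } else if (lvl == "*") {
                hit = 1
            } else if (substr(lvl, 1, 1) == "=") {
                eq = substr(lvl, 2)
                hit = ((eq in rank) && rank[pri] == rank[eq])
            } else if (lvl in rank) {
                hit = (rank[pri] >= rank[lvl])
            }
        }
        if (hit) print action
    }' "$1"
}

# Constructed sample: a customised syslog.conf that, like the one described
# in the thread, sends auth.* to /var/log/auth and has no local2 selector.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
kern.*;*.err    /var/log/messages
auth.*          /var/log/auth
mail.info       /var/log/maillog
EOF
echo "before: [$(syslog_targets "$SAMPLE_CONF" local2 notice)]"

# Hypothetical fix: give the facility named in the reply its own file.
printf 'local2.*        /var/log/sudo.log\n' >> "$SAMPLE_CONF"
echo "after:  [$(syslog_targets "$SAMPLE_CONF" local2 notice)]"
```

syslogd only applies a changed syslog.conf after it re-reads the file, for example on SIGHUP.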


Sudo clears the environment variable

2007-08-07 Thread Olivier Nicole
Hi,

On a new system that I am installing, I found out that the new version
of sudo version 1.6.9p3 clears the environment variables.

It was not the case on previous versions like version 1.6.8p12.

I tried to understand what is the configuration to perform like it was
before, I tried to add the SETENV: tag like in

on  ALL=(ALL) SETENV: ALL

but it is not working?

Any clue?

Best regards,

Olivier


Re: Sudo clears the environment variable

2007-08-07 Thread Olivier Nicole
 env_reset  now seems to be on by default. you could turn it off if you
 need to or fiddle with the env_keep and env_check lists.

That's what I mean, how to turn it off.

Olivier


Re: Sudo clears the environment variable

2007-08-07 Thread Vince
Olivier Nicole wrote:
 Hi,
 
 On a new system that I am installing, I found out that the new version
 of sudo version 1.6.9p3 clears the environment variables.
 
 It was not the case on previous version like version 1.6.8p12.
 
 I tried to understand what is the configuration to perform like it was
 before, I tried to add the SETENV: tag like in
 
 onALL=(ALL) SETENV: ALL

env_reset now seems to be on by default. You could turn it off if you
need to or fiddle with the env_keep and env_check lists.

Vince
 
 but it is not working?
 
 Any clue?
 
 Best regards,
 
 Olivier



Re: Sudo clears the environment variable

2007-08-07 Thread Vince

Olivier Nicole wrote:

env_reset  now seems to be on by default. you could turn it off if you
need to or fiddle with the env_keep and env_check lists.


That's what I mean, how to turn it off.



Sorry,

A line like
Defaults !env_reset
in sudoers ought to do it, or you can do it on a per-user basis.
See /usr/local/share/doc/sudo/UPGRADE


Vince

Olivier


Re: Sudo clears the environment variable

2007-08-07 Thread [EMAIL PROTECTED]
On 07/08/07, Olivier Nicole [EMAIL PROTECTED] wrote:
  env_reset  now seems to be on by default. you could turn it off if you
  need to or fiddle with the env_keep and env_check lists.

 That's what I mean, how to turn it off.

I added the line

Defaults !env_reset

to sudoers.  You might want to put more
restrictions on it.

-- 
--


Re: Sudo clears the environment variable

2007-08-07 Thread Arend P. van der Veen

[EMAIL PROTECTED] wrote:

On 07/08/07, Olivier Nicole [EMAIL PROTECTED] wrote:

env_reset  now seems to be on by default. you could turn it off if you
need to or fiddle with the env_keep and env_check lists.

That's what I mean, how to turn it off.


I added the line

Defaults !env_reset

to sudoers.  You might want to put more
restrictions on it.


Hi,

After # Defaults specification

We added the line:

Defaults env_keep=*

Is this equivalent?

Thanks,
Arend


Re: /libexec/ld-elf.so.1: Undefined symbol optifd referenced from COPY relocation in /bin/cp when installing sudo port SOLVED

2007-07-30 Thread Garrett Cooper

Lars Wittebrood wrote:

Hello list,

This issue is solved. I have compiled the /bin/cp binary from source
again and installed it. Still don't know what caused this though.

Cheers,
Lars.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of FreeBSD-Ports
Posted At: Monday, July 30, 2007 8:37 AM
Posted To: FreeBSD-Ports
Conversation: /libexec/ld-elf.so.1: Undefined symbol optifd referenced
fromCOPY relocation in /bin/cp when installing sudo port
Subject: /libexec/ld-elf.so.1: Undefined symbol optifd referenced
fromCOPY relocation in /bin/cp when installing sudo port


Hello list,

Anybody seen the message below and knows what it means? Couldn't find
anything on Google. It's a 6.1-RELEASE-p10 system.

[EMAIL PROTECTED] sudo # make
===  WARNING: Vulnerability database out of date, checking anyway
===  Found saved configuration for sudo-1.6.9.1
===  Extracting for sudo-1.6.9.1
= MD5 Checksum OK for sudo-1.6.9p1.tar.gz.
= SHA256 Checksum OK for sudo-1.6.9p1.tar.gz.
===  Patching for sudo-1.6.9.1
===  Configuring for sudo-1.6.9.1
/libexec/ld-elf.so.1: Undefined symbol optifd referenced from COPY relocation in /bin/cp
*** Error code 1

Stop in /usr/ports/security/sudo.
*** Error code 1

Stop in /usr/ports/security/sudo.


With regards,
Lars.
  


   ABI changes if you recompiled some sources (and not others) can
cause this.
   Always rebuild everything if you changed any important parts (libc,
compiler versions, dependent libs, etc).

-Garrett


Re: /libexec/ld-elf.so.1: Undefined symbol optifd referenced from COPY relocation in /bin/cp when installing sudo port SOLVED

2007-07-30 Thread Garrett Cooper

Garrett Cooper wrote:

Lars Wittebrood wrote:

Hello list,

This issue is solved. I have compiled the /bin/cp binary from source
again and installed it. Still don't know what caused this though.

Cheers,
Lars.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of FreeBSD-Ports
Posted At: Monday, July 30, 2007 8:37 AM
Posted To: FreeBSD-Ports
Conversation: /libexec/ld-elf.so.1: Undefined symbol optifd referenced
fromCOPY relocation in /bin/cp when installing sudo port
Subject: /libexec/ld-elf.so.1: Undefined symbol optifd referenced
fromCOPY relocation in /bin/cp when installing sudo port


Hello list,

Anybody seen the message below and knows what it means? Couldn't find
anything on Google. It's a 6.1-RELEASE-p10 system.

[EMAIL PROTECTED] sudo # make
===  WARNING: Vulnerability database out of date, checking anyway
===  Found saved configuration for sudo-1.6.9.1
===  Extracting for sudo-1.6.9.1
= MD5 Checksum OK for sudo-1.6.9p1.tar.gz.
= SHA256 Checksum OK for sudo-1.6.9p1.tar.gz.
===  Patching for sudo-1.6.9.1
===  Configuring for sudo-1.6.9.1
/libexec/ld-elf.so.1: Undefined symbol optifd referenced from COPY relocation in /bin/cp
*** Error code 1

Stop in /usr/ports/security/sudo.
*** Error code 1

Stop in /usr/ports/security/sudo.


With regards,
Lars.
  


   ABI changes if you recompiled some sources (and not others) can
cause this.
   Always rebuild everything if you changed any important parts (libc,
compiler versions, dependent libs, etc).

-Garrett


   Err... I meant to email [EMAIL PROTECTED]
-Garrett


sudo and env gotcha (or is it just me?)

2007-07-30 Thread [EMAIL PROTECTED]
After blithely upgrading everything else, I
attempted rebuilding jdk15 and, crumbs! my nfs
mounted /ports (4.7G) filled up and the build
barfed although I have WRKDIRPREFIX set in
/etc/csh.cshrc

Barbara Streisand! I thought, what could be the
problem now?

% cd /ports/java/jdk15 && sudo make extract
puts the work/ directory right there in
/ports/java/jdk15/
Hooray(?)! well, it's not portupgrade's fault,
since make is also not using $WRKDIRPREFIX

And then it occurred to me that I had upgraded
sudo.  Oh ho!
% sudo env
gave me quite a short list, which certainly didn't
include WRKDIRPREFIX.

A not very quick perusal of man 8 sudo and then
man 5 sudoers and I finally found the env_reset
flag and a host of others besides.  Boy, was that
ever a fun auuenture!

Lesson:  be observant when upgrading
important things.

or

It never hurts to read.

-- 
--
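
The "Sudo clears the environment variable" thread and the message above name three ways of getting a variable such as WRKDIRPREFIX through the newer sudo: `Defaults !env_reset`, `Defaults env_keep=*`, and the env_keep list. As an added example (not from the list posts), this shell function audits a sudoers file for those settings and reports how wide each one is; the function name, the sample file and the user name `olivier` are constructed, and line continuations or several settings on one Defaults line are not handled.

```shell
#!/bin/sh
# audit_sudoers_env FILE
# For every Defaults line that touches env_reset or env_keep, print
#   line:LEVEL:scope:finding
# LEVEL is WIDE   (applies to every user and command),
#          SCOPED (same setting, limited by a Defaults:user / @host / >runas
#                  qualifier), or
#          NARROW (env_keep naming specific variables).
audit_sudoers_env() {
    awk '
    /^[ \t]*#/ { next }                       # comments
    $1 ~ /^Defaults/ && /env_(reset|keep)/ {
        scope = "global"
        if ($1 ~ /^Defaults[:@>!]/)
            scope = "scoped(" substr($1, 9) ")"
        # Drop the leading Defaults word, keep the settings.
        rest = $0
        sub(/^[ \t]*[^ \t]+/, "", rest)
        if (rest ~ /!env_reset/)
            report(scope, "env_reset disabled")
        if (rest ~ /env_keep[ \t]*[+]?=/) {
            val = rest
            sub(/^.*env_keep[ \t]*[+]?=[ \t]*/, "", val)
            gsub(/"/, "", val)
            all = 0
            n = split(val, tok, " ")
            for (i = 1; i <= n; i++)
                if (tok[i] == "*") all = 1    # pattern matching any name
            if (all)
                report(scope, "env_keep matches every variable")
            else
                printf "%d:NARROW:%s:env_keep %s\n", NR, scope, val
        }
    }
    function report(scope, what) {
        printf "%d:%s:%s:%s\n", NR, (scope == "global" ? "WIDE" : "SCOPED"), scope, what
    }' "$1"
}

# Constructed sample sudoers: the two settings quoted in the thread, a
# per-user variant, and a narrower line that keeps only WRKDIRPREFIX.
SAMPLE_SUDOERS=$(mktemp)
trap 'rm -f "$SAMPLE_SUDOERS"' EXIT
cat > "$SAMPLE_SUDOERS" <<'EOF'
# Defaults specification
Defaults !env_reset
Defaults env_keep=*
Defaults:olivier !env_reset
Defaults env_keep += "WRKDIRPREFIX"
olivier ALL=(ALL) SETENV: ALL
EOF
audit_sudoers_env "$SAMPLE_SUDOERS"
```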


Re: Remote Execution of sudo Command Hangs.

2007-07-28 Thread Martin McCormick
Christian Walther writes:
 Try using pseudo tty allocation with your ssh command, it's the -t 
 option.
 So, use ssh -t remote.system.domain sudo dhcpreset as the command.

That worked perfectly.

 If this doesn't work directly, you can even try several ts. I had
 best results with -ttt.

This is great to know. The only difference besides the
fact it now works is that one sees a closed-connection message
like what you see when you ssh to another system and spawn a
shell because that seizes tty's also.

It just hadn't occurred to me before that you don't
seize a tty on the remote system when you remotely run an ssh
command.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Network Operations Group


Remote Execution of sudo Command Hangs.

2007-07-27 Thread Martin McCormick
We have 3 FreeBSD systems. One is trying to use ssh and sudo to
run commands on two other systems. The remote command being
executed is:

ssh remote.system.domain sudo dhcpreset

dhcpreset is an expect script most of which is shown
here:

spawn $env(SHELL)
expect -exact "\#"
send -- "date\r"
expect -exact "\#"
#body start
send -- "cd /usr/local/etc\r"
expect -exact "\#"
send -- "/usr/local/etc/zap dhcpd\r"
expect -exact "\#"
send_user "Stopped [exec hostname] dhcpd at [exec date +%y%m%d%H%M%S ].\n\r"
send -- "/usr/local/sbin/dhcpd -q &\r"
expect -exact "\#"
send_user "Partially restarted [exec hostname] dhcpd at [exec date +%y%m%d%H%M%S ].\n\r"
send -- "tail -1f /var/log/syslog\r"
expect -exact "peer moves from communications-interrupted to normal"
# CONTROL_C is presumably set in the part of the script not shown here
send -- $CONTROL_C
#body end
expect -exact "\#"
send_user "Fully restarted dhcpd at [exec date +%y%m%d%H%M%S ].\n\r"
send -- "date;exit\r"
expect eof

The script works perfectly if you run it from a login
shell on the system where it actually lives as in:

sudo dhcpreset.

If you run it via ssh from a remote system, however, it
runs, produces the proper status messages and does its job and
then . . . . . .

You have to hit a Control-C to kill off the ssh
connection which doesn't drop on its own.

I think my script must somehow make sudo not see the
exit. Even though you see the dhcpd -q process started as a
background process, dhcpd daemonizes almost immediately and you
even see the completion message in a log of the activity so it
isn't that. Besides, it exits properly when called locally.

Other remote commands using sudo properly exit. Any idea
how I might figure out what is hanging things up?

If you do a ps on the remote system, the expect script
has ended. On the calling system, you still see ssh to the
remote system.

Reading the expect manual shows an exit command but also
says that it is implied when the end of the script is reached. I
have tried it with and without that command at the end with no
effect.

Thanks for any other suggestions for making this command
terminate when done.


Re: Remote Execution of sudo Command Hangs.

2007-07-27 Thread Christian Walther
Hi Martin,

On 27/07/07, Martin McCormick [EMAIL PROTECTED] wrote:
 We have 3 FreeBSD systems. One is trying to use ssh and sudo to
 run commands on two other systems. The remote command being
 executed is:

 ssh remote.system.domain sudo dhcpreset

 dhcpreset is an expect script most of which is shown
 here:
[Script removed]

 The script works perfectly if you run it from a login
 shell on the system where it actually lives as in:

 sudo dhcpreset.

 If you run it via ssh from a remote system, however, it
 runs, produces the proper status messages and does its job and
 then . . . . . .

 You have to hit a Control-C to kill off the ssh
 connection which doesn't drop on its own.

 I think my script must somehow make sudo not see the
 exit. Even though you see the dhcpd -q process started as a
 background process, dhcpd daemonizes almost immediately and you
 even see the completion message in a log of the activity so it
 isn't that. Besides, it exits properly when called locally.

 Other remote commands using sudo properly exit. Any idea
 how I might figure out what is hanging things up?

 If you do a ps on the remote system, the expect script
 has ended. On the calling system, you still see ssh to the
 remote system.

 Reading the expect manual shows an exit command but also
 says that it is implied when the end of the script is reached. I
 have tried it with and without that command at the end with no
 effect.

 Thanks for any other suggestions for making this command
 terminate when done.

Try using pseudo tty allocation with your ssh command, it's the -t option.
So, use ssh -t remote.system.domain sudo dhcpreset as the command.
If this doesn't work directly, you can even try several ts. I had
best results with -ttt.

If this still doesn't work, try using nohup dhcpd -q as command.

HTH
Christian


Re: Should sudo be used?

2007-04-08 Thread Andrew Pantyukhin

On 4/7/07, Kevin Kinsey [EMAIL PROTECTED] wrote:

Jerry McAllister wrote:
 Also, although telnet is a hole nowadays for logging in to a system with
 an id and password for the very reasons you have given,  it still has
 a use.   You can use it to easily poke at a port and check the response
 to see if something is up and working.   Of course, in that case you
 would probably not be sending an id and password, just some common
 handshaking strings that don't reveal any secrets to anyone.
 This is really a different issue from what was the OP or the intent
 of the wiki article, of course.

Right; the intent, as I see it, is to pound through people's (potential
new *BSD system admins) heads the fact that you don't use telnet for
remote logins/remote shell work.


Well actually, we're looking forward to telnet
start-tls RFC. It will provide for tighter
integration of PKI. I'll be glad to see the day
when all I need for authentication is TLS certs.


Re: Should sudo be used?

2007-04-06 Thread Alex Zbyslaw

Jerry McAllister wrote:

I noticed one grammatical thing of question.   In the first paragraph 
under Use ssh instead of Telnet or rsh/rlogin  it says 


  they should never be used to administrate a machine over a network,

I think the word should be 'administer'  instead of 'administrate' 
unless this is some sort of British thing. I know, picky picky, but

it just stood out to me as I was reading.
 

10 years ago you might have been correct.  An old dictionary on the 
shelf does not list administrate.  However both modern dictionaries I 
tried listed it with the same meaning as administer in its oversee sense.


On-line, try, for example, WordNet http://wordnet.princeton.edu/ (web 
interface: http://wordnet.princeton.edu/perl/webwn).  I can find over a 
dozen references with a google for administrate meaning.


I can't find any etymology for this specific (and I would agree, in some 
sense wrong) form however it is clearly in common usage.


Language evolves, not always in ways that everyone likes.  Administer is 
a perfectly good word, and there's no need for administrate to exist.  
But language skills being what they are, someone looks at 
administration and it's quite understandable how they get to a verb 
administrate.  C.f compensation, for example.


--Alex




Re: Should sudo be used?

2007-04-06 Thread Jerry McAllister
On Fri, Apr 06, 2007 at 12:08:04PM +0100, Alex Zbyslaw wrote:

 Jerry McAllister wrote:
 
 I noticed one grammatical thing of question.   In the first paragraph 
 under Use ssh instead of Telnet or rsh/rlogin  it says 
 
   they should never be used to administrate a machine over a network,
 
 I think the word should be 'administer'  instead of 'administrate' 
 unless this is some sort of British thing. I know, picky picky, but
 it just stood out to me as I was reading.
  
 
 10 years ago you might have been correct.  An old dictionary on the 
 shelf does not list administrate.  However both modern dictionaries I 
 tried listed it with the same meaning as administer in its oversee sense.
 
 On-line, try, for example, WordNet http://wordnet.princeton.edu/ (web 
 interface: http://wordnet.princeton.edu/perl/webwn).  I can find over a 
 dozen references with a google for administrate meaning.
 
 I can't find any etymology for this specific (and I would agree, in some 
 sense wrong) form however it is clearly in common usage.
 
 Language evolves, not always in ways that everyone likes.  Administer is 
 a perfectly good word, and there's no need for administrate to exist.  
 But language skills being what they are, someone looks at 
 administration and it's quite understandable how they get to a verb 
 administrate.  C.f compensation, for example.

Geeez, the language is falling apart.
I was afraid of that.   Why did I ever take 8th grade English
and have to learn about verb infinitives when I could have been
trying to spy on girls' gym class...

jerry

 
 --Alex
 


Re: Should sudo be used?

2007-04-06 Thread Kevin Kinsey

Jerry McAllister wrote:

On Thu, Apr 05, 2007 at 11:28:34AM -0500, Jeremy C. Reed wrote:


On Thu, 5 Apr 2007, Kevin Kinsey wrote:


I thought I might also mention a potential sudo-shortcoming. :-D

See:
http://bsdwiki.reedmedia.net/wiki/Recognize_basic_recommended_access_methods.html

Where I wrote about a quoting problem that occasionally confuses
newbs like me.


Finally got around to reading the wiki page.   It is good.
I noticed one grammatical thing of question.   In the first paragraph 
under Use ssh instead of Telnet or rsh/rlogin  it says 


   they should never be used to administrate a machine over a network,

I think the word should be 'administer'  instead of 'administrate' 
unless this is some sort of British thing. I know, picky picky, but

it just stood out to me as I was reading.


I'll look into that.  I churned out a lot of text, so if that's all
you saw, Jeremy must have had his lucky shirt on. ;-)

Also, ;-)  nothing would prevent you from signing up and making such
a change yourself.  I'm sure the book could benefit from your wisdom.


Also, although telnet is a hole nowadays for logging in to a system with
an id and password for the very reasons you have given,  it still has
a use.   You can use it to easily poke at a port and check the response
to see if something is up and working.   Of course, in that case you
would probably not be sending an id and password, just some common
handshaking strings that don't reveal any secrets to anyone.   
This is really a different issue from what was the OP or the intent

of the wiki article, of course.


Right; the intent, as I see it, is to pound through people's (potential
new *BSD system admins) heads the fact that you don't use telnet for
remote logins/remote shell work.

KDK
--
Rocky's Lemma of Innovation Prevention
Unless the results are known in advance,
funding agencies will reject the proposal.


Re: Should sudo be used?

2007-04-05 Thread Pietro Cerutti

On 4/5/07, Schiz0 [EMAIL PROTECTED] wrote:

True, if that was the case I'd use sudo. But I'm the only user on my systems
that I'd trust with root access, so there's no point with my setup.

[Please don't top post]

Anyway, yes, I would say it depends on the situation, and it's even a
matter of taste. I use sudo on my laptop, even if I'm the only user...
de gustibus non disputandum est...

--
Pietro Cerutti

- ASCII Ribbon Campaign -
against HTML e-mail and
proprietary attachments
  www.asciiribbon.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Should sudo be used?

2007-04-05 Thread Schiz0

True, if that was the case I'd use sudo. But I'm the only user on my systems
that I'd trust with root access, so there's no point with my setup.

On 4/5/07, Pietro Cerutti [EMAIL PROTECTED] wrote:


On 4/5/07, Schiz0 [EMAIL PROTECTED] wrote:
 I don't use sudo. I find it rather pointless. If I need to do something
as
 root, I use su to gain root privileges, then when I'm done, I exit and
 return to the original user. The user running su must be in the group
 wheel to be able to su to root. This is a simple yet convenient
security
 system.

What when you have several people with different privileges wanting to
do stuff that normally only root can? Would you give your root
password to everyone, or rather install sudo and define exactly what a
user can do?


--
Pietro Cerutti

- ASCII Ribbon Campaign -
against HTML e-mail and
proprietary attachments
   www.asciiribbon.org




Re: Should sudo be used?

2007-04-05 Thread Christian Walther

On 05/04/07, Schiz0 [EMAIL PROTECTED] wrote:
[Moved answer to the bottom -- please don't use top post]


On 4/5/07, Pietro Cerutti [EMAIL PROTECTED] wrote:

 On 4/5/07, Schiz0 [EMAIL PROTECTED] wrote:
  I don't use sudo. I find it rather pointless. If I need to do something
 as
  root, I use su to gain root privileges, then when I'm done, I exit and
  return to the original user. The user running su must be in the group
  wheel to be able to su to root. This is a simple yet convenient
 security
  system.

 What when you have several people with different privileges wanting to
 do stuff that normally only root can? Would you give your root
 password to everyone, or rather install sudo and define exactly what a
 user can do?

True, if that was the case I'd use sudo. But I'm the only user on my systems
that I'd trust with root access, so there's no point with my setup.


Well, sudo makes execution of several commands or script as another
user quite simple because there's no need to enter the root password.
For example I've three Access Points at home, but my machine can't
connect to the nearest one automatically. So I need to issue
ifconfig ath0 scan as root. Since I'm not root all the time, I
defined an alias that executes the command using sudo. It's just one
word, and I'm set.

My girlfriend is using my old Laptop now, and I installed FreeBSD on
it, too. So she needs the command, too. Since she isn't used to the
Console I defined a new program/button in KDE she can press.

So you see, there are reasons to use sudo even if you're the only user
on a system. But as anywhere else in the Unix world, there are several
different ways of how to perform a certain task, and the way one
chooses is up to him/her.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Should sudo be used?

2007-04-05 Thread Schiz0

I don't use sudo. I find it rather pointless. If I need to do something as
root, I use su to gain root privileges, then when I'm done, I exit and
return to the original user. The user running su must be in the group
wheel to be able to su to root. This is a simple yet convenient security
system.

su is standard, sudo is another binary to install. So I don't bother
installing it.

On 4/5/07, Victor Engmark [EMAIL PROTECTED] wrote:


Hi all,

I thought it would be a good idea to use sudo on my FreeBSD laptop, but
I'm
having doubts after checking the handbook (it's not mentioned at all) and
Google (most of the articles were obscure and / or old).

Are you using sudo? If not, why?

--
Victor Engmark