Hi Vincent,
Am 03.11.2018 um 07:22 schrieb vincent delft:
Hello Markus,
I cannot reproduce your problem.
As you can see here under I can create a user "test1" on the command line,
and, with the same userid, I can create it with python2 and python3 too.
(I'm running 6.4)
I see 2 possible
at wrote:
> Hi,
>
> as I stated before on a cmd is no problem, Im using 6.4 release
>
>
> Am 30.10.2018 um 12:56 schrieb Solene Rapenne:
> > Markus Rosjat wrote:
> >> hi all,
> >>
> >> I have some old python scripts that using os.spawnl to execute s
install sudo package
using the "pointing a cannon at a sparrow" approach :(
regards
--
Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de
G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107
Hello,
On Tue, Oct 30, 2018 at 12:33 PM Markus Rosjat wrote:
> exit = subprocess.check_call(['doas', 'useradd', '-u %s' % user_id,
> '-g =uid',
> '-s /sbin/nologin',
> '-d %s' % mb_parent_dir,
> user_name])
Maybe you should try like the following:
cmd = ['doas', 'useradd',
'-u', user_id,
Hi,
as I stated before on a cmd is no problem, Im using 6.4 release
Am 30.10.2018 um 12:56 schrieb Solene Rapenne:
Markus Rosjat wrote:
hi all,
I have some old python scripts that using os.spawnl to execute stuff
like useradd combined with sudo. This worked just fine on systems with
sudo
Markus Rosjat wrote:
> hi all,
>
> I have some old python scripts that using os.spawnl to execute stuff
> like useradd combined with sudo. This worked just fine on systems with
> sudo installed but these days we have doas and its totally enough for
> things I use to do s
hi all,
I have some old python scripts that using os.spawnl to execute stuff
like useradd combined with sudo. This worked just fine on systems with
sudo installed but these days we have doas and its totally enough for
things I use to do so I said to myself "lets update these old sc
This is fixed in sudo 1.8.21p1. It's in ports now but you'll need
to wait a bit for a prebuild package, though you can of course
build your own.
- todd
The sudoreplay event loop was rewritten in 1.8.21. The bug only
occurs when logging input as well as output. I've reproduced this
now and will debug it later today.
- todd
Using sudoreplay with log_input and log_output on OpenBSD I recently
encountered:
After updating to sudo-1.8.21 today when I do "sudoreplay " the
session
begins but does not proceed to the next screens.
Last worked in sudo-1.8.20p2 still works fine.
I've tried this with sudorepl
Mohammad,
On Sat, Apr 23, 2016 at 08:59:41AM -0500, Edgar Pettijohn wrote:
> man disklabel
>
To find your DUID use doas disklabel sd1. You will have a multiline
output with one line similar to: duid: 3e35f72eb60d84ba. That is what
you will use in your /etc/fstab.
However I would strongly
man disklabel
Scroll down to the first example.
Sent from my iPhone
> On Apr 23, 2016, at 8:08 AM, Mohammad BadieZadegan
wrote:
>
> Thanks Paul, It's resolve my issue! Bravo.
> Thanks ludovic, I had bad chance in network speed at that time and when I
> repeat your command
Thanks Paul, It's resolve my issue! Bravo.
Thanks ludovic, I had bad chance in network speed at that time and when I
repeat your command it resolve my issue!
Dear Chris,
I have 2 other partitions other than my OpenBSD and I don't know my HDD
partitions IDs to append in my fstab! How can I know
> 2. I installed ntfs_3g but still I can not write over ntfs flash usb! How
> can I do that?
Are you using the mount(8) command? Do not! Use ntfs-3g(8).
On Sat, Apr 23, 2016 at 02:52:37PM +0430, Mohammad BadieZadegan wrote:
> 3. How can I access to my other HDD partitions?
> Best Regards,
>
You can edit the /etc/fstab file to also mount those other partitions
onto directories you create on the boot drive. This will happen when
booting.
mkdir
2016-04-23 12:22 GMT+02:00 Mohammad BadieZadegan <mbzade...@gmail.com>:
> Hi everybody,
> I have installed OpenBSD5.9 on my HDD last partition successfully.
> I have 3 questions about this latest release after reading the OpenBSD FAQ
> page,
> 1. How can I install pkg_mgr, su
Hi everybody,
I have installed OpenBSD5.9 on my HDD last partition successfully.
I have 3 questions about this latest release after reading the OpenBSD FAQ
page,
1. How can I install pkg_mgr, sudo, as older releases?
2. I installed ntfs_3g but still I can not write over ntfs flash usb! How
can I
On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> And what about difference? Explain please.
>
> > > I discovered an article about sudo and globbing[1] and
> > > there's difference how it does work on Linux and OpenBSD.
> >
> > http://zurl
On 2016 Jan 08 (Fri) at 05:52:32 -0500 (-0500), Jiri B wrote:
:On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
:> And what about difference? Explain please.
:>
:> > > I discovered an article about sudo and globbing[1] and
:> > > there's difference h
11:52:32 AM GMT+01:00, Jiri B <ji...@devio.us> wrote:
> >On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> >> And what about difference? Explain please.
> >>
> >> > > I discovered an article about sudo and globbing[1] and
>
And what about difference? Explain please.
On Thu, Jan 7, 2016 at 7:03 PM, Jiri B <ji...@devio.us> wrote:
> On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote:
> > I discovered an article about sudo and globbing[1] and
> > there's difference how it does work on Lin
On Thu, Jan 07, 2016 at 04:43:14PM GMT, Jiri B wrote:
> I discovered an article about sudo and globbing[1] and
> there's difference how it does work on Linux and OpenBSD.
AFAIK, globbing is done by shell and sudo doesn't take part in it.
> # su -s /usr/local/bin/bash
2016-01-08 11:52 GMT+01:00 Jiri B <ji...@devio.us>:
>
> So the question is: why does same command on equally "restricted" dir
> path gets different output - why on openbsd does '*' get expanded
> immediatelly but on linux is it taken into account somehow by sudo (?)
On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B <ji...@devio.us> wrote:
>On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
>> And what about difference? Explain please.
>>
>> > > I discovered an article about sudo and globbing[1] and
>>
You are comparing two very different versions of sudo. The sudo
that used to ship with OpenBSD is version 1.7.2p8 which is rather
ancient. On Linux you probably have some variant of sudo 1.8.x.
Newer versions of sudo escape spaces in the command run via "sudo
-s" whereas the ancient 1.
On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote:
> I discovered an article about sudo and globbing[1] and
> there's difference how it does work on Linux and OpenBSD.
I forgot to put the url
http://zurlinux.com/?p=2244
> - openbsd
>
> # su -s /usr/local/bin/bash - n
I forwarded to landry@
Thank you.
Heiko
Am 21.08.2015 um 16:16 schrieb Stuart Henderson:
On 2015-08-21, Heiko Zimmermann open...@heiko-zimmermann.com wrote:
Hello Tedu,
I'm using xfce. I tried to pkg_delete sudo because of doas.
doas is working fine for me.
But I cant remove sudo because
Hello Tedu,
I'm using xfce. I tried to pkg_delete sudo because of doas.
doas is working fine for me.
But I cant remove sudo because of dependencies. xfce-extras -
xfce-mount - sudo.
So I cant remove sudo without removing xfce-extras.
Maybe - in future - there is a chance to integrate doas
On 2015-08-21, Heiko Zimmermann open...@heiko-zimmermann.com wrote:
Hello Tedu,
I'm using xfce. I tried to pkg_delete sudo because of doas.
doas is working fine for me.
But I cant remove sudo because of dependencies. xfce-extras -
xfce-mount - sudo.
So I cant remove sudo without removing
installed OpenBSD snapshot (5.8) through an automated install
and was surprise to login with my normal user and to find out that
there is no sudo command available. Is this normal?
I have setup the autoinstall for no root password and only one user
account so I was wondering how do I run something
On 2015-08-07, John Naggets hostingnugg...@gmail.com wrote:
Hello,
I just installed OpenBSD snapshot (5.8) through an automated install
and was surprise to login with my normal user and to find out that
there is no sudo command available. Is this normal?
I have setup the autoinstall
Hello,
I just installed OpenBSD snapshot (5.8) through an automated install
and was surprise to login with my normal user and to find out that
there is no sudo command available. Is this normal?
I have setup the autoinstall for no root password and only one user
account so I was wondering how do
On Fri, Aug 7, 2015 at 5:06 PM, John Naggets hostingnugg...@gmail.com wrote:
Hello,
I just installed OpenBSD snapshot (5.8) through an automated install
and was surprise to login with my normal user and to find out that
there is no sudo command available. Is this normal?
I have setup
On Fri, 07 Aug 2015 17:06:03 +0200, John Naggets wrote:
I just installed OpenBSD snapshot (5.8) through an automated install
and was surprise to login with my normal user and to find out that
there is no sudo command available. Is this normal?
Yes, sudo has moved to ports. The new doas(1
On Fri, Aug 07, 2015 at 05:06:03PM +0200 or thereabouts, John Naggets wrote:
Hello,
I just installed OpenBSD snapshot (5.8) through an automated install
and was surprise to login with my normal user and to find out that
there is no sudo command available. Is this normal?
I have setup
On Wed, 15 Jul 2015 14:51:00 +0200, Alex Greif wrote:
when I 'sudo su - ' into a root shell and issue a 'passwd' without a
username
argument, then it does not try to change the passwd for the current user (in
this case root) but for the user from which I issued the 'sudo'.
This is because
Hi,
with the current 5.8 snapshot I have a question on the following passwd(1)
behaviour:
when I 'sudo su - ' into a root shell and issue a 'passwd' without a
username
argument, then it does not try to change the passwd for the current user (in
this case root) but for the user from which I
special login classes.
Once logged in, when I try to
sudo -H -u userB firefox
it appears to try to start firefox, then give up. Nothing special in
the logs, that I have noticed.
Similar in 5.6, but more noise from firefox, so that I can see it is trying
to start. No error message in /var/log
for owner and group. userA is a member of the bubble
group.
Login says the home directory does not exist.
When I make /home/bubble world readable, login finds the home directory.
5.6 has the same behavior here, even without special login classes.
Once logged in, when I try to
sudo -H -u userB
directory does not exist.
When I make /home/bubble world readable, login finds the home directory.
Once logged in, when I try to
sudo -H -u userB firefox
it appears to try to start firefox, then give up. Nothing special in
the logs, that I have noticed.
userB is s a member of the userA group.
sudo-ing
commands were correctly invoked, for example:
/sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null
but not tcpdump in this specific form:
sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
logger -t pf -p local2.info
The complete file is:
# cat /etc/rc.local
/sbin/ifconfig
On 4.2.2015. 15:13, Todd C. Miller wrote:
On Wed, 04 Feb 2015 15:06:41 +0100, Hrvoje Popovski wrote:
is there any problem to just put this in crontab?
@reboot /usr/sbin/tcpdump -lnqttti pflog0 2 error.log | /usr/bin/logger
-t pf -p local2.info
You should not try to run the command in
On Wed, 04 Feb 2015 15:06:41 +0100, Hrvoje Popovski wrote:
is there any problem to just put this in crontab?
@reboot /usr/sbin/tcpdump -lnqttti pflog0 2 error.log | /usr/bin/logger
-t pf -p local2.info
You should not try to run the command in the background since cron
runs commands
correctly invoked, for example:
/sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null
but not tcpdump in this specific form:
sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
logger -t pf -p local2.info
The complete file is:
# cat /etc/rc.local
/sbin/ifconfig pflog0 up
On 2015-02-03 04:16:04, Ted Unangst t...@tedunangst.com wrote:
This is the kind of thing I usually put in a small script, and add to root's
crontab. I don't think you need the nohup and sudo, that's probably just
complicating things. e.g.
#!/bin/sh
tcpdump -n | logger 2 error.log
On 2015-02-02 Mon 20:03 PM |, fRANz wrote:
# cat /etc/rc.local
/sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null
sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t
pf -p local2.info
?
/etc/rc.local is run by root on boot.
Check the environment rc.local
, for example:
/sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null
but not tcpdump in this specific form:
sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
logger -t pf -p local2.info
The complete file is:
# cat /etc/rc.local
/sbin/ifconfig pflog0 up /sbin/pflogd -f /dev
pflog0 up /sbin/pflogd -f /dev/null
but not tcpdump in this specific form:
sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
logger -t pf -p local2.info
The complete file is:
# cat /etc/rc.local
/sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null
sudo nohup tcpdump -n -v -l
suggestion is that you call tmux from /etc/rc.local using su
-c to make it run as another user and then give that user permission to
sudo to root for running the tcpdump command. This way you avoid needing
to ssh as root to the machine, and can also filter which commands the
user can run in /etc
to make it
run as another user and then give that user permission to sudo to root for
running the tcpdump command. This way you avoid needing to ssh as root to
the machine, and can also filter which commands the user can run in
/etc/sudoers.
Hello Giancarlo,
nice tip, I'll try!
-f
Hello guys,
I implemented this config:
http://home.nuug.no/~peter/pf/newest/log2syslog.html
in order to stream pf logs to a remote machine.
If I add the command:
sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
logger -t pf -p local2.info
to the /etc/rc.local file and reboot
On Thu, 29 Jan 2015 20:56:50 +0100
fRANz andrea.francesc...@gmail.com wrote:
Hello guys,
I implemented this config:
http://home.nuug.no/~peter/pf/newest/log2syslog.html
in order to stream pf logs to a remote machine.
If I add the command:
sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0
/bin/sh between su and root.
I'm confused:
just22@poseidon:[~] sudo su -s /bin/sh root -c date
Sat Oct 18 07:21:40 CEST 2014
just22@poseidon:[~] su -s /bin/sh root -c date
su: only the superuser may specify a login shell
(this is really weird).
That is not weird. sudo changes user
Alessandro DE LAURENZIS just22.adl at gmail.com writes:
(line-wrapped because of GMane)
#define SUDOCMD -fn 7x14 -geometry 60x4 -e sudo su -c 'nohup \
xfe /dev/null sleep 1'
^^
Note that this will not work on OpenBSD anyway; even mksh, which
does implement this bashism, will not parse
From: Thorsten Glaser t...@mirbsd.org
Date: Fri, Oct 17, 2014 at 10:44 AM
Subject: Re: sudo bad practice or inconsistency?
To: misc@openbsd.org
Alessandro DE LAURENZIS just22.adl at gmail.com writes:
(line-wrapped because of GMane)
#define SUDOCMD -fn 7x14 -geometry 60x4 -e sudo su
On Fri, Oct 17, 2014 at 05:51:08AM -0600, David Coppa wrote:
From: Thorsten Glaser t...@mirbsd.org
Date: Fri, Oct 17, 2014 at 10:44 AM
Subject: Re: sudo bad practice or inconsistency?
To: misc@openbsd.org
Alessandro DE LAURENZIS just22.adl at gmail.com writes:
(line-wrapped
On Fri 17/10 17:39, Raimo Niskanen wrote:
As I read the man page for su it is the target's login shell that is
invoked, and it need not always be /bin/sh - it can be changed.
Therefore I suspect that you want -s /bin/sh between su and root.
I'm confused:
just22@poseidon:[~] sudo su -s
Dear list,
I was playing with xfe (which by the way I consider a great program) and
noticed that opening a root window with sudo in OBSD doesn't work.
After a bit of debugging, I found out that the root cause is the
following definition inside xfedefs.h:
#define SUDOCMD -fn 7x14 -geometry 60x4
On Tue, 14 Oct 2014 20:58:56 +0200, Alessandro DE LAURENZIS wrote:
Now, launching sudo that way returns an error:
just22@poseidon:[xfe] sudo su -c ls
su: no such login class: ls
so basically sudo is parsing the -c option instead of passing it to
su. Probably this is just a bad practice
just22@poseidon:[xfe] sudo su -c ls
su: no such login class: ls
so basically sudo is parsing the -c option instead of passing it to
su.
No, it is not. If it were, the error message would come from sudo, not
from su.
And, in any case, why the same command works in Linux? do they use
On Tue 14/10 19:08, Miod Vallat wrote:
just22@poseidon:[xfe] sudo su -c ls
su: no such login class: ls
so basically sudo is parsing the -c option instead of passing it to
su.
No, it is not. If it were, the error message would come from sudo, not
from su.
And, in any case, why
FYI;- The sudo users mailing list quickly said the 3 issues I identified
are known bugs, which have been fixed in newer sudo versions.
http://www.sudo.ws/sudo/stable.html
The current stable release of sudo is 1.8.10p3
$ sudo -V
Sudo version 1.7.2p8
$ uname -a
OpenBSD teak.britvault.co.uk 5.4
some aliases, nothing major.
This arrangement works fine when logging in directly,
or via sudo su -l user
From my reading of sudo(8), I thought the same environment could be
gained with something like sudo -H -i -u username.
Am I missing sudo flags or settings in /etc/sudoers?
On 2014
To clarify, there are no ~/. shell dot files.
$PATH umask are set in /etc/login.conf
$MAIL is the default set by login(1)
/etc/profile sources /etc/ksh.kshrc, which just sets $PS1,
window decor some aliases, nothing major.
This arrangement works fine when logging in directly,
or via sudo su
On Fri, Apr 4, 2014 at 6:00 AM, Craig R. Skinner
skin...@britvault.co.uk wrote:
Hi,
When sudo'ing to another user, how can I obtain all of their environment
settings as they receive when logging in themselves?
When I use sudo in this manner, settings such as $PATH, $MAIL umask
aren't being
use sudo in this manner, settings such as $PATH, $MAIL umask
aren't being honoured:
[...]
You do that with `sudo -c - -l`:
$ { ulimit -a; env; } ea
$ sudo -c - -i 'ulimit -a; env' eb
$ diff -u ea e
--- ea Tue Apr 8 07:13:11 2014
+++ eb Tue Apr 8 07:14:22 2014
@@ -1,29 +1,24 @@
time
On 2014-04-08 Tue 07:17 AM |, Andres Perera wrote:
You do that with `sudo -c - -l`:
$ sudo -c - -i 'ulimit -a; env' eb
$ diff -u ea e
--- ea Tue Apr 8 07:13:11 2014
+++ eb Tue Apr 8 07:14:22 2014
@@ -1,29 +1,24 @@
-LOGNAME=a
+LOGNAME=root
Also see `use_loginclass` in sudoers(5
On Fri, Apr 4, 2014, at 12:05 PM, David Coppa wrote:
On Fri, Apr 4, 2014 at 7:01 PM, Todd norr...@gmail.com wrote:
I think this should work
sudo su - user
Sure, it works.
I often use it.
sudo -s user
should work as well I think.
--
Shawn K. Quinn
skqu...@rushpost.com
On 2014-04-04 Fri 12:01 PM |, Todd wrote:
I think this should work
sudo su - user
Yes, going via root works.
How do I get the same user environment with something like:
sudo -H -i -u username
See below:
When I use sudo in this manner, settings such as $PATH, $MAIL
umask aren't
Hi,
When sudo'ing to another user, how can I obtain all of their environment
settings as they receive when logging in themselves?
When I use sudo in this manner, settings such as $PATH, $MAIL umask
aren't being honoured:
$ echo $LOGNAME; echo $PATH; echo $MAIL; umask
craig
/usr/bin:/bin:/usr
Quoting Craig R. Skinner skin...@britvault.co.uk:
Hi,
When sudo'ing to another user, how can I obtain all of their environment
settings as they receive when logging in themselves?
When I use sudo in this manner, settings such as $PATH, $MAIL umask
aren't being honoured:
$ echo $LOGNAME
sudo -i ?
04.04.2014 14:31 полÑзоваÑÐµÐ»Ñ Craig R. Skinner
skin...@britvault.co.uk
напиÑал:
Hi,
When sudo'ing to another user, how can I obtain all of their environment
settings as they receive when logging in themselves?
When I use sudo in this manner, settings
I think this should work
sudo su - user
On Fri, Apr 4, 2014 at 8:52 AM, Vadim Zhukov persg...@gmail.com wrote:
sudo -i ?
04.04.2014 14:31 ÐÏÌØÚÏ×ÁÔÅÌØ Craig R. Skinner
skin...@britvault.co.uk
ÎÁÐÉÓÁÌ:
Hi,
When sudo'ing to another user, how can I obtain all of their environment
On Fri, Apr 4, 2014 at 7:01 PM, Todd norr...@gmail.com wrote:
I think this should work
sudo su - user
Sure, it works.
I often use it.
On Thu, 07 Nov 2013 00:08:00 -0500, Ted Unangst wrote:
Is this the correct behavior? As I understand it, when I run sudo, it
asks for my password because it wants me to prove I'm me. I don't have
to authenticate as the destination user, so why is the destination
user's auth style being used
We're seeing a strange issue where logging into a newly-upgraded 5.4
machine with a RADIUS login works fine, but when trying to use sudo to
execute commands, I get incorrect password attempts in
/var/log/secure. Transcript of this (server name censored to foo, user
censored to user), log
Should also add that a /usr/bin/sudo binary copied over from a 5.3
machine works as expected.
Thanks,
Andrew Klettke
Systems Admin
Optic Fusion
On 11/06/2013 11:17 AM, Andrew Klettke wrote:
We're seeing a strange issue where logging into a newly-upgraded 5.4
machine with a RADIUS login works
Hey man, hope you're doing well.
The new version of sudo definitely breaks radius support somehow.
Old binary on newly-upgraded server, calling login_radius as expected:
32409 sudo CALL lstat(0xcfbda248,0xcfbd9fe0)
32409 sudo NAMI /usr/libexec/auth/login_radius
32409 sudo STRU
The only change I see to sudo between 5.3 and 5.4 that might be
related is this one. You could try backing it out via patch -R
and see if the old behavior is restored.
- todd
Index: sudo.c
===
RCS file: /home/cvs/openbsd/src
On 11/06/13 20:47, Andrew Klettke wrote:
Hey man, hope you're doing well.
The new version of sudo definitely breaks radius support somehow.
Old binary on newly-upgraded server, calling login_radius as expected:
32409 sudo CALL lstat(0xcfbda248,0xcfbd9fe0)
32409 sudo NAMI /usr
On 11/06/2013 12:26 PM, Alexander Hall wrote:
On 11/06/13 20:47, Andrew Klettke wrote:
Hey man, hope you're doing well.
The new version of sudo definitely breaks radius support somehow.
Old binary on newly-upgraded server, calling login_radius as expected:
32409 sudo CALL lstat
@:\
:radius-challenge-styles=login:
This is almost certainly caused by revision 1.45 of sudo.c. If you
back that out (see my previous messages) and rebuild sudo that
should fix it.
Basically, sudo is using the authentication style of the destination
user (in this case root) instead of the invoking user
On Wed, Nov 06, 2013 at 14:29, Todd C. Miller wrote:
Basically, sudo is using the authentication style of the destination
user (in this case root) instead of the invoking user. A workaround
may be to configure root to use radius authentication.
Is this the correct behavior? As I understand
On Fri, 13 Sep 2013 12:44:45 +0200, Donovan Watteau wrote:
Am I right thinking that sudo in base is still vulnerable to
CVE-2013-1776 for those who enable tty_tickets?
Yes, but the situation is no worse than with tty_tickets disabled.
If you are really worried about this you can simply disable
On 09/12/13 02:59, Michael W. Lucas wrote:
Hi,
I've noticed that the sudo on OpenBSD seems to have !ttytickets set by
default. In other words, I authenticate sudo once on, say, ttyp4, and
all of my login sessions on all my other ttyp* have authenticated to
sudo.
This, well, kind of surprised
On Thu, 12 Sep 2013 13:43:21 -0700, Todd C. Miller wrote:
On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote:
I've noticed that the sudo on OpenBSD seems to have !ttytickets set by
default. In other words, I authenticate sudo once on, say, ttyp4, and
all of my login sessions
On 09/13/13 06:44, Donovan Watteau wrote:
On Thu, 12 Sep 2013 13:43:21 -0700, Todd C. Miller wrote:
On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote:
I've noticed that the sudo on OpenBSD seems to have !ttytickets set by
default. In other words, I authenticate sudo once on, say
On 09/13/13, Nick Holland wrote:
On 09/13/13 06:44, Donovan Watteau wrote:
Hi,
Am I right thinking that sudo in base is still vulnerable to
CVE-2013-1776 for those who enable tty_tickets?
BTW, I was thinking about the following use case: PermitRootLogin set
to no, and a simple
On 2013-09-11 19:59, Michael W. Lucas wrote:
This, well, kind of surprised me. I'm sure you folks have thought this
through in much more detail than I have, but I can't find anything on
the rationale behind it.
It seems insecure. Can anyone enlighten me as to the thinking here?
I can't say
anyone enlighten me as to the thinking here?
I can't say whether this is the thinking of the OpenBSD developers, but
I have seen some concerns over the years that tty_tickets gives a false
sense of security.
This is technically true. If you used sudo on any tty (ttyA), somebody
at a different tty
it.
Is sudo enabled for any non-root users by default?
Sudo isn't enabled for non-root users by default.
It just seems a really strange default choice, one that nobody else
shares. But I wouldn't be shocked if there's a really good reason for
the !ttytickets default.
==ml
--
Michael W
On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote:
I've noticed that the sudo on OpenBSD seems to have !ttytickets set by
default. In other words, I authenticate sudo once on, say, ttyp4, and
all of my login sessions on all my other ttyp* have authenticated to
sudo.
This, well
I can't say whether this is the thinking of the OpenBSD developers,
but I have seen some concerns over the years that tty_tickets gives
a false sense of security.
Not to mention the annoyance.
Miod
Hi,
I've noticed that the sudo on OpenBSD seems to have !ttytickets set by
default. In other words, I authenticate sudo once on, say, ttyp4, and
all of my login sessions on all my other ttyp* have authenticated to
sudo.
This, well, kind of surprised me. I'm sure you folks have thought
Thus said Michael W. Lucas on Wed, 11 Sep 2013 20:59:08 -0400:
This, well, kind of surprised me. I'm sure you folks have thought this
through in much more detail than I have, but I can't find anything on
the rationale behind it.
Is sudo enabled for any non-root users by default?
Andy
Hi,
Today I found something weird on sudo behavior (at least I wasn't aware
of this). I logged in my server using ssh public key. Once I was in, I
executed 'sudo -i' to become root. My user has full sudo access using
password. Everything normal so far. Then I need it to open a new terminal
$ man sudo
On Mon, Oct 8, 2012 at 4:19 PM, Alvaro Mantilla Gimenez
alv...@alvaromantilla.com wrote:
Hi,
Today I found something weird on sudo behavior (at least I wasn't aware
of this). I logged in my server using ssh public key. Once I was in, I
executed 'sudo -i' to become root. My user
?? What are you trying to point me send me to the man page? The Once a
user has been authenticated, a timestamp is updated and the user may then
use sudo without a password for a short period of time (5 minutes unless
overridden in sudoers). part? I was aware of this. This is the normal sudo
This is normal behavior for the version of sudo that ships with
OpenBSD. You can enable per-tty timestamps by enabling the tty_tickets
option. E.g., in sudoers add a line like:
Defaults tty_tickets
- todd
Thanks Todd!!
2012/10/8 Todd C. Miller todd.mil...@courtesan.com
This is normal behavior for the version of sudo that ships with
OpenBSD. You can enable per-tty timestamps by enabling the tty_tickets
option. E.g., in sudoers add a line like:
Defaults tty_tickets
- todd
1 - 100 of 211 matches
Mail list logo