Re: migrate python script from sudo to doas

2018-11-03 Thread Markus Rosjat
Hi Vincent, On 03.11.2018 at 07:22, vincent delft wrote: Hello Markus, I cannot reproduce your problem. As you can see here under I can create a user "test1" on the command line, and, with the same userid, I can create it with python2 and python3 too. (I'm running 6.4) I see 2 possible

Re: migrate python script from sudo to doas

2018-11-03 Thread vincent delft
at wrote: > Hi, > > as I stated before on a cmd is no problem, I'm using 6.4 release > > > On 30.10.2018 at 12:56, Solene Rapenne wrote: > > Markus Rosjat wrote: > >> hi all, > >> > >> I have some old python scripts that using os.spawnl to execute s

Re: migrate python script from sudo to doas

2018-10-31 Thread Markus Rosjat
install sudo package using the "pointing a cannon at a sparrow" approach :( regards -- Markus Rosjat fon: +49 351 8107224 mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107

Re: migrate python script from sudo to doas

2018-10-30 Thread Vincent Legoll
Hello, On Tue, Oct 30, 2018 at 12:33 PM Markus Rosjat wrote: > exit = subprocess.check_call(['doas', 'useradd', '-u %s' % user_id, > '-g =uid', > '-s /sbin/nologin', > '-d %s' % mb_parent_dir, > user_name]) Maybe you should try like the following: cmd = ['doas', 'useradd', '-u', user_id,

Re: migrate python script from sudo to doas

2018-10-30 Thread Markus Rosjat
Hi, as I stated before on a cmd is no problem, I'm using 6.4 release On 30.10.2018 at 12:56, Solene Rapenne wrote: Markus Rosjat wrote: hi all, I have some old python scripts that using os.spawnl to execute stuff like useradd combined with sudo. This worked just fine on systems with sudo

Re: migrate python script from sudo to doas

2018-10-30 Thread Solene Rapenne
Markus Rosjat wrote: > hi all, > > I have some old python scripts that using os.spawnl to execute stuff > like useradd combined with sudo. This worked just fine on systems with > sudo installed but these days we have doas and it's totally enough for > things I use to do s

migrate python script from sudo to doas

2018-10-30 Thread Markus Rosjat
hi all, I have some old python scripts that using os.spawnl to execute stuff like useradd combined with sudo. This worked just fine on systems with sudo installed but these days we have doas and it's totally enough for things I use to do so I said to myself "let's update these old sc

Re: sudoreplay in sudo 1.8.21 on 6.2-snapshot

2017-09-02 Thread Todd C. Miller
This is fixed in sudo 1.8.21p1. It's in ports now but you'll need to wait a bit for a prebuild package, though you can of course build your own. - todd

Re: sudoreplay in sudo 1.8.21 on 6.2-snapshot

2017-09-01 Thread Todd C. Miller
The sudoreplay event loop was rewritten in 1.8.21. The bug only occurs when logging input as well as output. I've reproduced this now and will debug it later today. - todd

sudoreplay in sudo 1.8.21 on 6.2-snapshot

2017-08-31 Thread David A. Pocock
Using sudoreplay with log_input and log_output on OpenBSD I recently encountered: After updating to sudo-1.8.21 today when I do "sudoreplay " the session begins but does not proceed to the next screens. Last worked in sudo-1.8.20p2 still works fine. I've tried this with sudorepl

Re: pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-27 Thread Ron Georgia
Mohammad, On Sat, Apr 23, 2016 at 08:59:41AM -0500, Edgar Pettijohn wrote: > man disklabel > To find your DUID use doas disklabel sd1. You will have a multiline output with one line similar to: duid: 3e35f72eb60d84ba. That is what you will use in your /etc/fstab. However I would strongly

Re: pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-23 Thread Edgar Pettijohn
man disklabel Scroll down to the first example. Sent from my iPhone > On Apr 23, 2016, at 8:08 AM, Mohammad BadieZadegan wrote: > > Thanks Paul, It's resolve my issue! Bravo. > Thanks ludovic, I had bad chance in network speed at that time and when I > repeat your command

Re: pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-23 Thread Mohammad BadieZadegan
Thanks Paul, It's resolve my issue! Bravo. Thanks ludovic, I had bad chance in network speed at that time and when I repeat your command it resolve my issue! Dear Chris, I have 2 other partitions other than my OpenBSD and I don't know my HDD partitions IDs to append in my fstab! How can I know

Re: pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-23 Thread Paul Irofti
> 2. I installed ntfs_3g but still I can not write over ntfs flash usb! How > can I do that? Are you using the mount(8) command? Do not! Use ntfs-3g(8).

Re: pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-23 Thread Chris Bennett
On Sat, Apr 23, 2016 at 02:52:37PM +0430, Mohammad BadieZadegan wrote: > 3. How can I access to my other HDD partitions? > Best Regards, > You can edit the /etc/fstab file to also mount those other partitions onto directories you create on the boot drive. This will happen when booting. mkdir

Re: pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-23 Thread ludovic coues
2016-04-23 12:22 GMT+02:00 Mohammad BadieZadegan <mbzade...@gmail.com>: > Hi everybody, > I have installed OpenBSD5.9 on my HDD last partition successfully. > I have 3 questions about this latest release after reading the OpenBSD FAQ > page, > 1. How can I install pkg_mgr, su

pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-23 Thread Mohammad BadieZadegan
Hi everybody, I have installed OpenBSD5.9 on my HDD last partition successfully. I have 3 questions about this latest release after reading the OpenBSD FAQ page, 1. How can I install pkg_mgr, sudo, as older releases? 2. I installed ntfs_3g but still I can not write over ntfs flash usb! How can I

Re: sudo and globbing

2016-01-08 Thread Jiri B
On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote: > And what about difference? Explain please. > > > > I discovered an article about sudo and globbing[1] and > > > there's difference how it does work on Linux and OpenBSD. > > > > http://zurl

Re: sudo and globbing

2016-01-08 Thread Peter Hessler
On 2016 Jan 08 (Fri) at 05:52:32 -0500 (-0500), Jiri B wrote: :On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote: :> And what about difference? Explain please. :> :> > > I discovered an article about sudo and globbing[1] and :> > > there's difference h

Re: sudo and globbing

2016-01-08 Thread Eric Furman
11:52:32 AM GMT+01:00, Jiri B <ji...@devio.us> wrote: > >On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote: > >> And what about difference? Explain please. > >> > >> > > I discovered an article about sudo and globbing[1] and >

Re: sudo and globbing

2016-01-08 Thread Alexey Kurinnij
And what about difference? Explain please. On Thu, Jan 7, 2016 at 7:03 PM, Jiri B <ji...@devio.us> wrote: > On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote: > > I discovered an article about sudo and globbing[1] and > > there's difference how it does work on Lin

Re: sudo and globbing

2016-01-08 Thread Raf Czlonka
On Thu, Jan 07, 2016 at 04:43:14PM GMT, Jiri B wrote: > I discovered an article about sudo and globbing[1] and > there's difference how it does work on Linux and OpenBSD. AFAIK, globbing is done by shell and sudo doesn't take part in it. > # su -s /usr/local/bin/bash

Re: sudo and globbing

2016-01-08 Thread ludovic coues
2016-01-08 11:52 GMT+01:00 Jiri B <ji...@devio.us>: > > So the question is: why does same command on equally "restricted" dir > path gets different output - why on openbsd does '*' get expanded > immediately but on linux is it taken into account somehow by sudo (?)

Re: sudo and globbing

2016-01-08 Thread Alexander Hall
On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B <ji...@devio.us> wrote: >On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote: >> And what about difference? Explain please. >> >> > > I discovered an article about sudo and globbing[1] and >>

Re: sudo and globbing

2016-01-08 Thread Todd C. Miller
You are comparing two very different versions of sudo. The sudo that used to ship with OpenBSD is version 1.7.2p8 which is rather ancient. On Linux you probably have some variant of sudo 1.8.x. Newer versions of sudo escape spaces in the command run via "sudo -s" whereas the ancient 1.

Re: sudo and globbing

2016-01-07 Thread Jiri B
On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote: > I discovered an article about sudo and globbing[1] and > there's difference how it does work on Linux and OpenBSD. I forgot to put the url http://zurlinux.com/?p=2244 > - openbsd > > # su -s /usr/local/bin/bash - n

Re: feedback doas / sudo / xfce-extras

2015-08-22 Thread Heiko Zimmermann
I forwarded to landry@ Thank you. Heiko On 21.08.2015 at 16:16, Stuart Henderson wrote: On 2015-08-21, Heiko Zimmermann open...@heiko-zimmermann.com wrote: Hello Tedu, I'm using xfce. I tried to pkg_delete sudo because of doas. doas is working fine for me. But I can't remove sudo because

feedback doas / sudo / xfce-extras

2015-08-21 Thread Heiko Zimmermann
Hello Tedu, I'm using xfce. I tried to pkg_delete sudo because of doas. doas is working fine for me. But I can't remove sudo because of dependencies. xfce-extras - xfce-mount - sudo. So I can't remove sudo without removing xfce-extras. Maybe - in future - there is a chance to integrate doas

Re: feedback doas / sudo / xfce-extras

2015-08-21 Thread Stuart Henderson
On 2015-08-21, Heiko Zimmermann open...@heiko-zimmermann.com wrote: Hello Tedu, I'm using xfce. I tried to pkg_delete sudo because of doas. doas is working fine for me. But I can't remove sudo because of dependencies. xfce-extras - xfce-mount - sudo. So I can't remove sudo without removing

Re: no more sudo on openbsd 5.8

2015-08-10 Thread John Naggets
installed OpenBSD snapshot (5.8) through an automated install and was surprised to login with my normal user and to find out that there is no sudo command available. Is this normal? I have setup the autoinstall for no root password and only one user account so I was wondering how do I run something

Re: no more sudo on openbsd 5.8

2015-08-07 Thread Stuart Henderson
On 2015-08-07, John Naggets hostingnugg...@gmail.com wrote: Hello, I just installed OpenBSD snapshot (5.8) through an automated install and was surprised to login with my normal user and to find out that there is no sudo command available. Is this normal? I have setup the autoinstall

no more sudo on openbsd 5.8

2015-08-07 Thread John Naggets
Hello, I just installed OpenBSD snapshot (5.8) through an automated install and was surprised to login with my normal user and to find out that there is no sudo command available. Is this normal? I have setup the autoinstall for no root password and only one user account so I was wondering how do

Re: no more sudo on openbsd 5.8

2015-08-07 Thread David Coppa
On Fri, Aug 7, 2015 at 5:06 PM, John Naggets hostingnugg...@gmail.com wrote: Hello, I just installed OpenBSD snapshot (5.8) through an automated install and was surprised to login with my normal user and to find out that there is no sudo command available. Is this normal? I have setup

Re: no more sudo on openbsd 5.8

2015-08-07 Thread Todd C. Miller
On Fri, 07 Aug 2015 17:06:03 +0200, John Naggets wrote: I just installed OpenBSD snapshot (5.8) through an automated install and was surprised to login with my normal user and to find out that there is no sudo command available. Is this normal? Yes, sudo has moved to ports. The new doas(1

Re: no more sudo on openbsd 5.8

2015-08-07 Thread Maurice McCarthy
On Fri, Aug 07, 2015 at 05:06:03PM +0200 or thereabouts, John Naggets wrote: Hello, I just installed OpenBSD snapshot (5.8) through an automated install and was surprised to login with my normal user and to find out that there is no sudo command available. Is this normal? I have setup

Re: passwd without argument in sudo

2015-07-15 Thread Todd C. Miller
On Wed, 15 Jul 2015 14:51:00 +0200, Alex Greif wrote: when I 'sudo su - ' into a root shell and issue a 'passwd' without a username argument, then it does not try to change the passwd for the current user (in this case root) but for the user from which I issued the 'sudo'. This is because

passwd without argument in sudo

2015-07-15 Thread Alex Greif
Hi, with the current 5.8 snapshot I have a question on the following passwd(1) behaviour: when I 'sudo su - ' into a root shell and issue a 'passwd' without a username argument, then it does not try to change the passwd for the current user (in this case root) but for the user from which I

Re: Have sudo and login changed between 5.6 and 5.7?

2015-06-02 Thread Joel Rees
special login classes. Once logged in, when I try to sudo -H -u userB firefox it appears to try to start firefox, then give up. Nothing special in the logs, that I have noticed. Similar in 5.6, but more noise from firefox, so that I can see it is trying to start. No error message in /var/log

Re: Have sudo and login changed between 5.6 and 5.7?

2015-06-01 Thread Joel Rees
for owner and group. userA is a member of the bubble group. Login says the home directory does not exist. When I make /home/bubble world readable, login finds the home directory. 5.6 has the same behavior here, even without special login classes. Once logged in, when I try to sudo -H -u userB

Have sudo and login changed between 5.6 and 5.7?

2015-05-31 Thread Joel Rees
directory does not exist. When I make /home/bubble world readable, login finds the home directory. Once logged in, when I try to sudo -H -u userB firefox it appears to try to start firefox, then give up. Nothing special in the logs, that I have noticed. userB is a member of the userA group. sudo-ing

Re: sudo nohup tcpdump at startup

2015-02-04 Thread Hrvoje Popovski
commands were correctly invoked, for example: /sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null but not tcpdump in this specific form: sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t pf -p local2.info The complete file is: # cat /etc/rc.local /sbin/ifconfig

Re: sudo nohup tcpdump at startup

2015-02-04 Thread Hrvoje Popovski
On 4.2.2015. 15:13, Todd C. Miller wrote: On Wed, 04 Feb 2015 15:06:41 +0100, Hrvoje Popovski wrote: is there any problem to just put this in crontab? @reboot /usr/sbin/tcpdump -lnqttti pflog0 2 error.log | /usr/bin/logger -t pf -p local2.info You should not try to run the command in

Re: sudo nohup tcpdump at startup

2015-02-04 Thread Todd C. Miller
On Wed, 04 Feb 2015 15:06:41 +0100, Hrvoje Popovski wrote: is there any problem to just put this in crontab? @reboot /usr/sbin/tcpdump -lnqttti pflog0 2 error.log | /usr/bin/logger -t pf -p local2.info You should not try to run the command in the background since cron runs commands

Re: sudo nohup tcpdump at startup

2015-02-04 Thread Jérémie Courrèges-Anglas
correctly invoked, for example: /sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null but not tcpdump in this specific form: sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t pf -p local2.info The complete file is: # cat /etc/rc.local /sbin/ifconfig pflog0 up

Re: sudo nohup tcpdump at startup

2015-02-03 Thread Leclerc, Sebastien
On 2015-02-03 04:16:04, Ted Unangst t...@tedunangst.com wrote: This is the kind of thing I usually put in a small script, and add to root's crontab. I don't think you need the nohup and sudo, that's probably just complicating things. e.g. #!/bin/sh tcpdump -n | logger 2 error.log

Re: sudo nohup tcpdump at startup

2015-02-03 Thread Craig Skinner
On 2015-02-02 Mon 20:03 PM |, fRANz wrote: # cat /etc/rc.local /sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t pf -p local2.info ? /etc/rc.local is run by root on boot. Check the environment rc.local

Re: sudo nohup tcpdump at startup

2015-02-02 Thread Ted Unangst
, for example: /sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null but not tcpdump in this specific form: sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t pf -p local2.info The complete file is: # cat /etc/rc.local /sbin/ifconfig pflog0 up /sbin/pflogd -f /dev

Re: sudo nohup tcpdump at startup

2015-02-02 Thread fRANz
pflog0 up /sbin/pflogd -f /dev/null but not tcpdump in this specific form: sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t pf -p local2.info The complete file is: # cat /etc/rc.local /sbin/ifconfig pflog0 up /sbin/pflogd -f /dev/null sudo nohup tcpdump -n -v -l

Re: sudo nohup tcpdump at startup

2015-02-02 Thread Giancarlo Razzolini
suggestion is that you call tmux from /etc/rc.local using su -c to make it run as another user and then give that user permission to sudo to root for running the tcpdump command. This way you avoid needing to ssh as root to the machine, and can also filter which commands the user can run in /etc

Re: sudo nohup tcpdump at startup

2015-02-02 Thread fRANz
to make it run as another user and then give that user permission to sudo to root for running the tcpdump command. This way you avoid needing to ssh as root to the machine, and can also filter which commands the user can run in /etc/sudoers. Hello Giancarlo, nice tip, I'll try! -f

sudo nohup tcpdump at startup

2015-01-29 Thread fRANz
Hello guys, I implemented this config: http://home.nuug.no/~peter/pf/newest/log2syslog.html in order to stream pf logs to a remote machine. If I add the command: sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block | logger -t pf -p local2.info to the /etc/rc.local file and reboot

Re: sudo nohup tcpdump at startup

2015-01-29 Thread Christopher Barry
On Thu, 29 Jan 2015 20:56:50 +0100 fRANz andrea.francesc...@gmail.com wrote: Hello guys, I implemented this config: http://home.nuug.no/~peter/pf/newest/log2syslog.html in order to stream pf logs to a remote machine. If I add the command: sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0

Re: Fix xfe (Was: sudo bad practice or inconsistency?)

2014-10-20 Thread Raimo Niskanen
/bin/sh between su and root. I'm confused: just22@poseidon:[~] sudo su -s /bin/sh root -c date Sat Oct 18 07:21:40 CEST 2014 just22@poseidon:[~] su -s /bin/sh root -c date su: only the superuser may specify a login shell (this is really weird). That is not weird. sudo changes user

Re: sudo bad practice or inconsistency?

2014-10-17 Thread Thorsten Glaser
Alessandro DE LAURENZIS just22.adl at gmail.com writes: (line-wrapped because of GMane) #define SUDOCMD -fn 7x14 -geometry 60x4 -e sudo su -c 'nohup \ xfe /dev/null sleep 1' ^^ Note that this will not work on OpenBSD anyway; even mksh, which does implement this bashism, will not parse

Fix xfe (Was: sudo bad practice or inconsistency?)

2014-10-17 Thread David Coppa
From: Thorsten Glaser t...@mirbsd.org Date: Fri, Oct 17, 2014 at 10:44 AM Subject: Re: sudo bad practice or inconsistency? To: misc@openbsd.org Alessandro DE LAURENZIS just22.adl at gmail.com writes: (line-wrapped because of GMane) #define SUDOCMD -fn 7x14 -geometry 60x4 -e sudo su

Re: Fix xfe (Was: sudo bad practice or inconsistency?)

2014-10-17 Thread Raimo Niskanen
On Fri, Oct 17, 2014 at 05:51:08AM -0600, David Coppa wrote: From: Thorsten Glaser t...@mirbsd.org Date: Fri, Oct 17, 2014 at 10:44 AM Subject: Re: sudo bad practice or inconsistency? To: misc@openbsd.org Alessandro DE LAURENZIS just22.adl at gmail.com writes: (line-wrapped

Re: Fix xfe (Was: sudo bad practice or inconsistency?)

2014-10-17 Thread Alessandro DE LAURENZIS
On Fri 17/10 17:39, Raimo Niskanen wrote: As I read the man page for su it is the target's login shell that is invoked, and it need not always be /bin/sh - it can be changed. Therefore I suspect that you want -s /bin/sh between su and root. I'm confused: just22@poseidon:[~] sudo su -s

sudo bad practice or inconsistency?

2014-10-14 Thread Alessandro DE LAURENZIS
Dear list, I was playing with xfe (which by the way I consider a great program) and noticed that opening a root window with sudo in OBSD doesn't work. After a bit of debugging, I found out that the root cause is the following definition inside xfedefs.h: #define SUDOCMD -fn 7x14 -geometry 60x4

Re: sudo bad practice or inconsistency?

2014-10-14 Thread Todd C. Miller
On Tue, 14 Oct 2014 20:58:56 +0200, Alessandro DE LAURENZIS wrote: Now, launching sudo that way returns an error: just22@poseidon:[xfe] sudo su -c ls su: no such login class: ls so basically sudo is parsing the -c option instead of passing it to su. Probably this is just a bad practice

Re: sudo bad practice or inconsistency?

2014-10-14 Thread Miod Vallat
just22@poseidon:[xfe] sudo su -c ls su: no such login class: ls so basically sudo is parsing the -c option instead of passing it to su. No, it is not. If it were, the error message would come from sudo, not from su. And, in any case, why the same command works in Linux? do they use

Re: sudo bad practice or inconsistency?

2014-10-14 Thread Alessandro DE LAURENZIS
On Tue 14/10 19:08, Miod Vallat wrote: just22@poseidon:[xfe] sudo su -c ls su: no such login class: ls so basically sudo is parsing the -c option instead of passing it to su. No, it is not. If it were, the error message would come from sudo, not from su. And, in any case, why

Re: sudo -u environment help

2014-05-28 Thread Craig R. Skinner
FYI;- The sudo users mailing list quickly said the 3 issues I identified are known bugs, which have been fixed in newer sudo versions. http://www.sudo.ws/sudo/stable.html The current stable release of sudo is 1.8.10p3 $ sudo -V Sudo version 1.7.2p8 $ uname -a OpenBSD teak.britvault.co.uk 5.4

Re: sudo -u environment help

2014-04-11 Thread Craig R. Skinner
some aliases, nothing major. This arrangement works fine when logging in directly, or via sudo su -l user From my reading of sudo(8), I thought the same environment could be gained with something like sudo -H -i -u username. Am I missing sudo flags or settings in /etc/sudoers? On 2014

Re: sudo -u environment help

2014-04-08 Thread Craig R. Skinner
To clarify, there are no ~/. shell dot files. $PATH umask are set in /etc/login.conf $MAIL is the default set by login(1) /etc/profile sources /etc/ksh.kshrc, which just sets $PS1, window decor some aliases, nothing major. This arrangement works fine when logging in directly, or via sudo su

Re: sudo -u environment help

2014-04-08 Thread Andres Perera
On Fri, Apr 4, 2014 at 6:00 AM, Craig R. Skinner skin...@britvault.co.uk wrote: Hi, When sudo'ing to another user, how can I obtain all of their environment settings as they receive when logging in themselves? When I use sudo in this manner, settings such as $PATH, $MAIL umask aren't being

Re: sudo -u environment help

2014-04-08 Thread Andres Perera
use sudo in this manner, settings such as $PATH, $MAIL umask aren't being honoured: [...] You do that with `sudo -c - -l`: $ { ulimit -a; env; } ea $ sudo -c - -i 'ulimit -a; env' eb $ diff -u ea e --- ea Tue Apr 8 07:13:11 2014 +++ eb Tue Apr 8 07:14:22 2014 @@ -1,29 +1,24 @@ time

Re: sudo -u environment help

2014-04-08 Thread Craig R. Skinner
On 2014-04-08 Tue 07:17 AM |, Andres Perera wrote: You do that with `sudo -c - -l`: $ sudo -c - -i 'ulimit -a; env' eb $ diff -u ea e --- ea Tue Apr 8 07:13:11 2014 +++ eb Tue Apr 8 07:14:22 2014 @@ -1,29 +1,24 @@ -LOGNAME=a +LOGNAME=root Also see `use_loginclass` in sudoers(5

Re: sudo -u environment help

2014-04-05 Thread Shawn K. Quinn
On Fri, Apr 4, 2014, at 12:05 PM, David Coppa wrote: On Fri, Apr 4, 2014 at 7:01 PM, Todd norr...@gmail.com wrote: I think this should work sudo su - user Sure, it works. I often use it. sudo -s user should work as well I think. -- Shawn K. Quinn skqu...@rushpost.com

Re: sudo -u environment help

2014-04-05 Thread Craig R. Skinner
On 2014-04-04 Fri 12:01 PM |, Todd wrote: I think this should work sudo su - user Yes, going via root works. How do I get the same user environment with something like: sudo -H -i -u username See below: When I use sudo in this manner, settings such as $PATH, $MAIL umask aren't

sudo -u environment help

2014-04-04 Thread Craig R. Skinner
Hi, When sudo'ing to another user, how can I obtain all of their environment settings as they receive when logging in themselves? When I use sudo in this manner, settings such as $PATH, $MAIL umask aren't being honoured: $ echo $LOGNAME; echo $PATH; echo $MAIL; umask craig /usr/bin:/bin:/usr

Re: sudo -u environment help

2014-04-04 Thread Vijay Sankar
Quoting Craig R. Skinner skin...@britvault.co.uk: Hi, When sudo'ing to another user, how can I obtain all of their environment settings as they receive when logging in themselves? When I use sudo in this manner, settings such as $PATH, $MAIL umask aren't being honoured: $ echo $LOGNAME

Re: sudo -u environment help

2014-04-04 Thread Vadim Zhukov
sudo -i ? On 04.04.2014 at 14:31, user Craig R. Skinner skin...@britvault.co.uk wrote: Hi, When sudo'ing to another user, how can I obtain all of their environment settings as they receive when logging in themselves? When I use sudo in this manner, settings

Re: sudo -u environment help

2014-04-04 Thread Todd
I think this should work sudo su - user On Fri, Apr 4, 2014 at 8:52 AM, Vadim Zhukov persg...@gmail.com wrote: sudo -i ? On 04.04.2014 at 14:31, user Craig R. Skinner skin...@britvault.co.uk wrote: Hi, When sudo'ing to another user, how can I obtain all of their environment

Re: sudo -u environment help

2014-04-04 Thread David Coppa
On Fri, Apr 4, 2014 at 7:01 PM, Todd norr...@gmail.com wrote: I think this should work sudo su - user Sure, it works. I often use it.

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-07 Thread Todd C. Miller
On Thu, 07 Nov 2013 00:08:00 -0500, Ted Unangst wrote: Is this the correct behavior? As I understand it, when I run sudo, it asks for my password because it wants me to prove I'm me. I don't have to authenticate as the destination user, so why is the destination user's auth style being used

Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Andrew Klettke
We're seeing a strange issue where logging into a newly-upgraded 5.4 machine with a RADIUS login works fine, but when trying to use sudo to execute commands, I get incorrect password attempts in /var/log/secure. Transcript of this (server name censored to foo, user censored to user), log

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Andrew Klettke
Should also add that a /usr/bin/sudo binary copied over from a 5.3 machine works as expected. Thanks, Andrew Klettke Systems Admin Optic Fusion On 11/06/2013 11:17 AM, Andrew Klettke wrote: We're seeing a strange issue where logging into a newly-upgraded 5.4 machine with a RADIUS login works

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Andrew Klettke
Hey man, hope you're doing well. The new version of sudo definitely breaks radius support somehow. Old binary on newly-upgraded server, calling login_radius as expected: 32409 sudo CALL lstat(0xcfbda248,0xcfbd9fe0) 32409 sudo NAMI /usr/libexec/auth/login_radius 32409 sudo STRU

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Todd C. Miller
The only change I see to sudo between 5.3 and 5.4 that might be related is this one. You could try backing it out via patch -R and see if the old behavior is restored. - todd Index: sudo.c === RCS file: /home/cvs/openbsd/src

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Alexander Hall
On 11/06/13 20:47, Andrew Klettke wrote: Hey man, hope you're doing well. The new version of sudo definitely breaks radius support somehow. Old binary on newly-upgraded server, calling login_radius as expected: 32409 sudo CALL lstat(0xcfbda248,0xcfbd9fe0) 32409 sudo NAMI /usr

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Andrew Klettke
On 11/06/2013 12:26 PM, Alexander Hall wrote: On 11/06/13 20:47, Andrew Klettke wrote: Hey man, hope you're doing well. The new version of sudo definitely breaks radius support somehow. Old binary on newly-upgraded server, calling login_radius as expected: 32409 sudo CALL lstat

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Todd C. Miller
@:\ :radius-challenge-styles=login: This is almost certainly caused by revision 1.45 of sudo.c. If you back that out (see my previous messages) and rebuild sudo that should fix it. Basically, sudo is using the authentication style of the destination user (in this case root) instead of the invoking user

Re: Sudo no longer working with RADIUS logins after upgrade to 5.4

2013-11-06 Thread Ted Unangst
On Wed, Nov 06, 2013 at 14:29, Todd C. Miller wrote: Basically, sudo is using the authentication style of the destination user (in this case root) instead of the invoking user. A workaround may be to configure root to use radius authentication. Is this the correct behavior? As I understand

Re: sudo configuration !ttytickets?

2013-09-14 Thread Todd C. Miller
On Fri, 13 Sep 2013 12:44:45 +0200, Donovan Watteau wrote: Am I right thinking that sudo in base is still vulnerable to CVE-2013-1776 for those who enable tty_tickets? Yes, but the situation is no worse than with tty_tickets disabled. If you are really worried about this you can simply disable

Re: sudo configuration !ttytickets?

2013-09-14 Thread Alexander Hall
On 09/12/13 02:59, Michael W. Lucas wrote: Hi, I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions on all my other ttyp* have authenticated to sudo. This, well, kind of surprised

Re: sudo configuration !ttytickets?

2013-09-13 Thread Donovan Watteau
On Thu, 12 Sep 2013 13:43:21 -0700, Todd C. Miller wrote: On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote: I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions

Re: sudo configuration !ttytickets?

2013-09-13 Thread Nick Holland
On 09/13/13 06:44, Donovan Watteau wrote: On Thu, 12 Sep 2013 13:43:21 -0700, Todd C. Miller wrote: On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote: I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say

Re: sudo configuration !ttytickets?

2013-09-13 Thread Donovan Watteau
On 09/13/13, Nick Holland wrote: On 09/13/13 06:44, Donovan Watteau wrote: Hi, Am I right thinking that sudo in base is still vulnerable to CVE-2013-1776 for those who enable tty_tickets? BTW, I was thinking about the following use case: PermitRootLogin set to no, and a simple

Re: sudo configuration !ttytickets?

2013-09-12 Thread Matthew Weigel
On 2013-09-11 19:59, Michael W. Lucas wrote: This, well, kind of surprised me. I'm sure you folks have thought this through in much more detail than I have, but I can't find anything on the rationale behind it. It seems insecure. Can anyone enlighten me as to the thinking here? I can't say

Re: sudo configuration !ttytickets?

2013-09-12 Thread Ted Unangst
anyone enlighten me as to the thinking here? I can't say whether this is the thinking of the OpenBSD developers, but I have seen some concerns over the years that tty_tickets gives a false sense of security. This is technically true. If you used sudo on any tty (ttyA), somebody at a different tty

Re: sudo configuration !ttytickets?

2013-09-12 Thread Michael W. Lucas
it. Is sudo enabled for any non-root users by default? Sudo isn't enabled for non-root users by default. It just seems a really strange default choice, one that nobody else shares. But I wouldn't be shocked if there's a really good reason for the !ttytickets default. ==ml -- Michael W

Re: sudo configuration !ttytickets?

2013-09-12 Thread Todd C. Miller
On Wed, 11 Sep 2013 20:59:08 -0400, Michael W. Lucas wrote: I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions on all my other ttyp* have authenticated to sudo. This, well

Re: sudo configuration !ttytickets?

2013-09-12 Thread Miod Vallat
I can't say whether this is the thinking of the OpenBSD developers, but I have seen some concerns over the years that tty_tickets gives a false sense of security. Not to mention the annoyance. Miod

sudo configuration !ttytickets?

2013-09-11 Thread Michael W. Lucas
Hi, I've noticed that the sudo on OpenBSD seems to have !ttytickets set by default. In other words, I authenticate sudo once on, say, ttyp4, and all of my login sessions on all my other ttyp* have authenticated to sudo. This, well, kind of surprised me. I'm sure you folks have thought

Re: sudo configuration !ttytickets?

2013-09-11 Thread Andy Bradford
Thus said Michael W. Lucas on Wed, 11 Sep 2013 20:59:08 -0400: This, well, kind of surprised me. I'm sure you folks have thought this through in much more detail than I have, but I can't find anything on the rationale behind it. Is sudo enabled for any non-root users by default? Andy

Weird sudo behavior?

2012-10-08 Thread Alvaro Mantilla Gimenez
Hi, Today I found something weird on sudo behavior (at least I wasn't aware of this). I logged in my server using ssh public key. Once I was in, I executed 'sudo -i' to become root. My user has full sudo access using password. Everything normal so far. Then I need it to open a new terminal

Re: Weird sudo behavior?

2012-10-08 Thread patrick keshishian
$ man sudo On Mon, Oct 8, 2012 at 4:19 PM, Alvaro Mantilla Gimenez alv...@alvaromantilla.com wrote: Hi, Today I found something weird on sudo behavior (at least I wasn't aware of this). I logged in my server using ssh public key. Once I was in, I executed 'sudo -i' to become root. My user

Re: Weird sudo behavior?

2012-10-08 Thread Alvaro Mantilla Gimenez
?? What are you trying to point me send me to the man page? The Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers). part? I was aware of this. This is the normal sudo

Re: Weird sudo behavior?

2012-10-08 Thread Todd C. Miller
This is normal behavior for the version of sudo that ships with OpenBSD. You can enable per-tty timestamps by enabling the tty_tickets option. E.g., in sudoers add a line like: Defaults tty_tickets - todd

Re: Weird sudo behavior?

2012-10-08 Thread Alvaro Mantilla Gimenez
Thanks Todd!! 2012/10/8 Todd C. Miller todd.mil...@courtesan.com This is normal behavior for the version of sudo that ships with OpenBSD. You can enable per-tty timestamps by enabling the tty_tickets option. E.g., in sudoers add a line like: Defaults tty_tickets - todd
