[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lmi] sudo make root a sandwich
|
From: |
Greg Chicares |
|
Subject: |
[lmi] sudo make root a sandwich |
|
Date: |
Mon, 18 May 2020 18:32:08 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 |
Vadim--On our corporate RHEL-7 server, we've been doing this:
$ cd /opt/lmi/src/lmi
$ sudo ./install_redhat.sh > ~/rhlog_$(date -u +'%Y%m%dT%H%MZ') 2>&1
successfully for months, until today--but now it's failing thus:
sudo --user="${NORMAL_USER}" ./lmi_setup_30.sh
root is not in the sudoers file. This incident will be reported.
We run the main script as su, but use 'sudo' to run one sub-script
as a normal user. The apparent reason why this now fails is that
ten hours ago /etc/sudoers was changed, and now it contains this
line (among about a thousand rules), where the '#' is a comment
symbol and not a root prompt:
#root ALL = (ALL) ALL
I see the same thing if I disconnect from the server, log back in
again, and immediately inspect /etc/sudoers (so it's not a weird
effect of nested sudoing).
I suppose this is just a silly mistake, but corporate mistakes
cannot be fixed. (I could probably fix it myself using sudo,
but that would be transgressive.)
I might just replace the offending line to run the sub-script
with excessive privileges:
- sudo --user="${NORMAL_USER}" ./lmi_setup_30.sh
+ ./lmi_setup_30.sh
because that's expedient; but is there a "proper" workaround?
'doas' has apparently been ported from BSD, but it doesn't
seem to be in RHEL. And
chmod 7777 lmi_setup_30.sh
just seems baneful.
- [lmi] sudo make root a sandwich,
Greg Chicares <=