Two equal sudoers but different behavior on different linux versions? (perhaps wildcard issue)
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
my situation is the following:
A special user for a special use case needs an extra entry in the /etc/sudoers file (note the wildcard in there).
balabolka ALL=(ALL) NOPASSWD: /home/balabolka/software/*/System/script.sh, /home/balabolka/rm_output.bash, /home/balabolka/rm_software.bash, /bin/tar
/etc/issue of machine 1:
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel r (l).
/etc/issue on machine 2:
Welcome to SUSE Linux Enterprise Server 12 SP1 (x86_64) - Kernel r (l).
On machine 2, all those commands run with sudo as wished.
On the older machine 1, a password prompt shows up. And even if it is typed in, it says Sorry, user balabolka is not allowed to execute './script.sh' as root on MACHINE1.
Note that all the other commands (the two scripts and tar) still can be run as root without a password, only the one with the wildcard cannot.
If the wildcard in the sudoers is replaced by the actual name, it runs on machine 1, too. The problem: The name of this folder changes from time to time due a newer version of the script. But it is always the only one folder in the software directory. So my questions are:
Is the SLES 9 version unable to 'read' wildcards in sudoers (also in SLES 10 btw., yeah I know, lot of old stuff)? If it is so, is there a portable solution? If not, what could I do about that? e.g. a wildcard says "all", but in my case a possible solution would also be "the first", "the last", "that what you would pick if i pressed TAB" ;)
Thanks in advance
sudo root sles asterisk
asked Apr 3 at 14:29
Dewdrop
1
add a comment |Â
up vote
0
down vote
favorite
my situation is the following:
A special user for a special use case needs an extra entry in the /etc/sudoers file (note the wildcard in there).
balabolka ALL=(ALL) NOPASSWD: /home/balabolka/software/*/System/script.sh, /home/balabolka/rm_output.bash, /home/balabolka/rm_software.bash, /bin/tar
/etc/issue of machine 1:
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel r (l).
/etc/issue on machine 2:
Welcome to SUSE Linux Enterprise Server 12 SP1 (x86_64) - Kernel r (l).
On machine 2, all those commands run with sudo as wished.
On the older machine 1, a password prompt shows up. And even if it is typed in, it says Sorry, user balabolka is not allowed to execute './script.sh' as root on MACHINE1.
Note that all the other commands (the two scripts and tar) still can be run as root without a password, only the one with the wildcard cannot.
If the wildcard in the sudoers is replaced by the actual name, it runs on machine 1, too. The problem: The name of this folder changes from time to time due a newer version of the script. But it is always the only one folder in the software directory. So my questions are:
Is the SLES 9 version unable to 'read' wildcards in sudoers (also in SLES 10 btw., yeah I know, lot of old stuff)? If it is so, is there a portable solution? If not, what could I do about that? e.g. a wildcard says "all", but in my case a possible solution would also be "the first", "the last", "that what you would pick if i pressed TAB" ;)
Thanks in advance
sudo root sles asterisk
asked Apr 3 at 14:29
Dewdrop
1
1
Are you or the user able to maintain a link (always the same name) that points to the directory name that changes?
– Christopher
Apr 3 at 14:36
Good idea. This is a suitable workaround for me. Thanks
– Dewdrop
Apr 4 at 6:34
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
my situation is the following:
A special user for a special use case needs an extra entry in the /etc/sudoers file (note the wildcard in there).
balabolka ALL=(ALL) NOPASSWD: /home/balabolka/software/*/System/script.sh, /home/balabolka/rm_output.bash, /home/balabolka/rm_software.bash, /bin/tar
/etc/issue of machine 1:
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel r (l).
/etc/issue on machine 2:
Welcome to SUSE Linux Enterprise Server 12 SP1 (x86_64) - Kernel r (l).
On machine 2, all those commands run with sudo as wished.
On the older machine 1, a password prompt shows up. And even if it is typed in, it says Sorry, user balabolka is not allowed to execute './script.sh' as root on MACHINE1.
Note that all the other commands (the two scripts and tar) still can be run as root without a password, only the one with the wildcard cannot.
If the wildcard in the sudoers is replaced by the actual name, it runs on machine 1, too. The problem: The name of this folder changes from time to time due a newer version of the script. But it is always the only one folder in the software directory. So my questions are:
Is the SLES 9 version unable to 'read' wildcards in sudoers (also in SLES 10 btw., yeah I know, lot of old stuff)? If it is so, is there a portable solution? If not, what could I do about that? e.g. a wildcard says "all", but in my case a possible solution would also be "the first", "the last", "that what you would pick if i pressed TAB" ;)
Thanks in advance
sudo root sles asterisk
asked Apr 3 at 14:29
Dewdrop
1
my situation is the following:
A special user for a special use case needs an extra entry in the /etc/sudoers file (note the wildcard in there).
balabolka ALL=(ALL) NOPASSWD: /home/balabolka/software/*/System/script.sh, /home/balabolka/rm_output.bash, /home/balabolka/rm_software.bash, /bin/tar
/etc/issue of machine 1:
Welcome to SUSE LINUX Enterprise Server 9 (i586) - Kernel r (l).
/etc/issue on machine 2:
Welcome to SUSE Linux Enterprise Server 12 SP1 (x86_64) - Kernel r (l).
On machine 2, all those commands run with sudo as wished.
On the older machine 1, a password prompt shows up. And even if it is typed in, it says Sorry, user balabolka is not allowed to execute './script.sh' as root on MACHINE1.
Note that all the other commands (the two scripts and tar) still can be run as root without a password, only the one with the wildcard cannot.
If the wildcard in the sudoers is replaced by the actual name, it runs on machine 1, too. The problem: The name of this folder changes from time to time due a newer version of the script. But it is always the only one folder in the software directory. So my questions are:
Is the SLES 9 version unable to 'read' wildcards in sudoers (also in SLES 10 btw., yeah I know, lot of old stuff)? If it is so, is there a portable solution? If not, what could I do about that? e.g. a wildcard says "all", but in my case a possible solution would also be "the first", "the last", "that what you would pick if i pressed TAB" ;)
Thanks in advance
sudo root sles asterisk
asked Apr 3 at 14:29
Dewdrop
1
asked Apr 3 at 14:29
Dewdrop
1
asked Apr 3 at 14:29
Dewdrop
1
asked Apr 3 at 14:29
Dewdrop
1
1
1
Are you or the user able to maintain a link (always the same name) that points to the directory name that changes?
– Christopher
Apr 3 at 14:36
Good idea. This is a suitable workaround for me. Thanks
– Dewdrop
Apr 4 at 6:34
add a comment |Â
1
Are you or the user able to maintain a link (always the same name) that points to the directory name that changes?
– Christopher
Apr 3 at 14:36
Good idea. This is a suitable workaround for me. Thanks
– Dewdrop
Apr 4 at 6:34
1
1
Are you or the user able to maintain a link (always the same name) that points to the directory name that changes?
– Christopher
Apr 3 at 14:36
Are you or the user able to maintain a link (always the same name) that points to the directory name that changes?
– Christopher
Apr 3 at 14:36
Good idea. This is a suitable workaround for me. Thanks
– Dewdrop
Apr 4 at 6:34
Good idea. This is a suitable workaround for me. Thanks
– Dewdrop
Apr 4 at 6:34
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f435294%2ftwo-equal-sudoers-but-different-behavior-on-different-linux-versions-perhaps-w%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
Are you or the user able to maintain a link (always the same name) that points to the directory name that changes?
– Christopher
Apr 3 at 14:36
Good idea. This is a suitable workaround for me. Thanks
– Dewdrop
Apr 4 at 6:34