[sisyphus] Как разрешить работу sudo?
Dmitry A. Kharitonov
kharpost на rambler.ru
Сб Авг 11 15:00:22 MSD 2007
Dmitry V. Levin пишет:
> On Sat, Aug 11, 2007 at 11:47:10AM +0400, Dmitry A. Kharitonov wrote:
> [...]
>> [10:23:13 root на localhost ~]# control
>> <skip>
>> su wheelonly (public wheel wheelonly restricted)
>> sudo unknown (public wheelonly restricted)
>> sudoers strict (strict relaxed)
>> <skip>
>> [10:24:25 root на localhost ~]# control sudo wheelonly
>> control: sudo: Requested wheelonly, got unknown
>
> У вас не сработал chmod и/или find;
> что-то очень странное с вашей системой, посмотрите на отладочный вывод от
> # sh -x /etc/control.d/facilities/sudo wheelonly
[14:51:46 root на localhost ~]# sh -x /etc/control.d/facilities/sudo wheelonly
+ . /etc/control.d/functions
++ NAME_LIST=
++ '[' -n wheelonly ']'
+ BINARY=/usr/bin/sudo
+ new_fmode public 4711 root root
+ register public
+ eval 'test -z "$REGISTERED_public"'
++ test -z ''
+ define REGISTERED public yes
+ local arg=yes
+ '[' -z yes ']'
+ eval 'REGISTERED_public="yes"'
++ REGISTERED_public=yes
+ '[' -z '' ']'
+ NAME_LIST=public
+ define NAME_TO_FMODE public 4711
+ local arg=4711
+ '[' -z 4711 ']'
+ eval 'NAME_TO_FMODE_public="4711"'
++ NAME_TO_FMODE_public=4711
+ define NAME_TO_OWNER public root:root
+ local arg=root:root
+ '[' -z root:root ']'
+ eval 'NAME_TO_OWNER_public="root:root"'
++ NAME_TO_OWNER_public=root:root
+ define FMODE_OWNER_TO_NAME 4711_root_root public
+ local arg=public
+ '[' -z public ']'
+ eval 'FMODE_OWNER_TO_NAME_4711_root_root="public"'
++ FMODE_OWNER_TO_NAME_4711_root_root=public
+ new_fmode wheelonly 4710 root wheel
+ register wheelonly
+ eval 'test -z "$REGISTERED_wheelonly"'
++ test -z ''
+ define REGISTERED wheelonly yes
+ local arg=yes
+ '[' -z yes ']'
+ eval 'REGISTERED_wheelonly="yes"'
++ REGISTERED_wheelonly=yes
+ '[' -z public ']'
+ NAME_LIST='public wheelonly'
+ define NAME_TO_FMODE wheelonly 4710
+ local arg=4710
+ '[' -z 4710 ']'
+ eval 'NAME_TO_FMODE_wheelonly="4710"'
++ NAME_TO_FMODE_wheelonly=4710
+ define NAME_TO_OWNER wheelonly root:wheel
+ local arg=root:wheel
+ '[' -z root:wheel ']'
+ eval 'NAME_TO_OWNER_wheelonly="root:wheel"'
++ NAME_TO_OWNER_wheelonly=root:wheel
+ define FMODE_OWNER_TO_NAME 4710_root_wheel wheelonly
+ local arg=wheelonly
+ '[' -z wheelonly ']'
+ eval 'FMODE_OWNER_TO_NAME_4710_root_wheel="wheelonly"'
++ FMODE_OWNER_TO_NAME_4710_root_wheel=wheelonly
+ new_fmode restricted 700 root root
+ register restricted
+ eval 'test -z "$REGISTERED_restricted"'
++ test -z ''
+ define REGISTERED restricted yes
+ local arg=yes
+ '[' -z yes ']'
+ eval 'REGISTERED_restricted="yes"'
++ REGISTERED_restricted=yes
+ '[' -z 'public wheelonly' ']'
+ NAME_LIST='public wheelonly restricted'
+ define NAME_TO_FMODE restricted 700
+ local arg=700
+ '[' -z 700 ']'
+ eval 'NAME_TO_FMODE_restricted="700"'
++ NAME_TO_FMODE_restricted=700
+ define NAME_TO_OWNER restricted root:root
+ local arg=root:root
+ '[' -z root:root ']'
+ eval 'NAME_TO_OWNER_restricted="root:root"'
++ NAME_TO_OWNER_restricted=root:root
+ define FMODE_OWNER_TO_NAME 700_root_root restricted
+ local arg=restricted
+ '[' -z restricted ']'
+ eval 'FMODE_OWNER_TO_NAME_700_root_root="restricted"'
++ FMODE_OWNER_TO_NAME_700_root_root=restricted
+ new_help public 'Any user can execute /usr/bin/sudo'
+ register public
+ eval 'test -z "$REGISTERED_public"'
++ test -z yes
+ return
+ define HELP_TO public 'Any user can execute /usr/bin/sudo'
+ local 'arg=Any user can execute /usr/bin/sudo'
+ '[' -z 'Any user can execute /usr/bin/sudo' ']'
+ eval 'HELP_TO_public="Any user can execute /usr/bin/sudo"'
++ HELP_TO_public='Any user can execute /usr/bin/sudo'
+ new_help wheelonly 'Only "wheel" group members can execute /usr/bin/sudo'
+ register wheelonly
+ eval 'test -z "$REGISTERED_wheelonly"'
++ test -z yes
+ return
+ define HELP_TO wheelonly 'Only "wheel" group members can execute /usr/bin/sudo'
+ local 'arg=Only "wheel" group members can execute /usr/bin/sudo'
+ '[' -z '' ']'
++ printf %s 'Only "wheel" group members can execute /usr/bin/sudo'
++ sed -e 's/["$`\]/\\&/g'
+ arg='Only \"wheel\" group members can execute /usr/bin/sudo'
+ eval 'HELP_TO_wheelonly="Only \"wheel\" group members can execute /usr/bin/sudo"'
++ HELP_TO_wheelonly='Only "wheel" group members can execute /usr/bin/sudo'
+ new_help restricted 'Only root can execute /usr/bin/sudo'
+ register restricted
+ eval 'test -z "$REGISTERED_restricted"'
++ test -z yes
+ return
+ define HELP_TO restricted 'Only root can execute /usr/bin/sudo'
+ local 'arg=Only root can execute /usr/bin/sudo'
+ '[' -z 'Only root can execute /usr/bin/sudo' ']'
+ eval 'HELP_TO_restricted="Only root can execute /usr/bin/sudo"'
++ HELP_TO_restricted='Only root can execute /usr/bin/sudo'
+ new_summary 'Execute a command as another user'
+ local 'arg=Execute a command as another user'
+ '[' -z 'Execute a command as another user' ']'
+ define SUMMARY FOR 'Execute a command as another user'
+ local 'arg=Execute a command as another user'
+ '[' -z 'Execute a command as another user' ']'
+ eval 'SUMMARY_FOR="Execute a command as another user"'
++ SUMMARY_FOR='Execute a command as another user'
+ control_fmode /usr/bin/sudo wheelonly
+ local FILE=/usr/bin/sudo REQUEST=wheelonly FMODE= OWNER=
+ case "$REQUEST" in
+ validate wheelonly
+ grep -q '^[a-z0-9_]*$'
+ printf %s wheelonly
+ lookup FMODE NAME_TO_FMODE wheelonly
+ eval 'FMODE="$NAME_TO_FMODE_wheelonly"'
++ FMODE=4710
+ lookup OWNER NAME_TO_OWNER wheelonly
+ eval 'OWNER="$NAME_TO_OWNER_wheelonly"'
++ OWNER=root:wheel
+ '[' -z 4710 -o -z root:wheel ']'
++ control_fmode_status /usr/bin/sudo
++ local FILE=/usr/bin/sudo STAT NAME=
+++ stat_file /usr/bin/sudo
+++ local PATHNAME=/usr/bin/sudo BASEPATH
+++ BASEPATH=/usr/bin
+++ find /usr/bin -maxdepth 1 -path /usr/bin/sudo -printf %m_%u_%g
++ STAT=
++ validate ''
++ printf %s ''
++ grep -q '^[a-z0-9_]*$'
++ '[' -n '' ']'
++ echo unknown
+ '[' unknown = wheelonly ']'
+ chown root:wheel /usr/bin/sudo
+ chmod 4710 /usr/bin/sudo
[14:51:52 root на localhost ~]# ls -l /usr/bin/sudo
-rws--x--- 1 root wheel 105768 Авг 6 00:00 /usr/bin/sudo
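Вроде бы работает нормально: chown и chmod отработали, и ls показывает -rws--x--- root wheel. Похоже, глючит отображалка: судя по трассировке, find с -printf %m_%u_%g ничего не вывел, STAT остался пустым, поэтому control_fmode_status и выдал unknown.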
[14:58:08 root на localhost ~]# sh -x /etc/control.d/facilities/sudo
+ . /etc/control.d/functions
++ NAME_LIST=
++ '[' -n '' ']'
++ set - status
unknown