We are experiencing the same symptoms with sudo (v1.8.16) as have been
previously reported in this bug.
On an Ubuntu 16.04 system short hostnames don't work in the sudoers file when
the 'fqdn' option is true (as it is by default). The documentation indicates
that the short form should still work with the fqdn option set.
Steps to reproduce:
On a system called 'ubuntu1604.example.com', put the following into sudoers:
%john ubuntu1604=(root) NOPASSWD: /bin/true
%john ubuntu1604.example.com=(root) NOPASSWD: /bin/false
Expected outcome:
sudo -l shows user 'john' is allowed to run:
(root) /bin/true
(root) /bin/false
Actual outcome:
sudo -l shows user 'john' is allowed to run:
(root) /bin/false
sudo -l -U john -h ubuntu1604 shows user 'john' is allowed to run:
(root) /bin/false
sudo -l -U test -h ubuntu1604.example.com shows user 'john' is allowed to run:
(root) /bin/true
(root) /bin/false
------
Sudo version 1.8.16
Configure options: --prefix=/usr -v --with-all-insults --with-pam --with-fqdn
--with-logging=syslog --with-logfac=authpriv --with-env-editor
--with-editor=/usr/bin/editor --with-exampledir=/usr/share/doc/sudo/examples
--with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password
for %p: --without-lecture --with-tty-tickets --disable-root-mailer
--enable-admin-flag --with-sendmail=/usr/sbin/sendmail
--with-rundir=/var/run/sudo --mandir=/usr/share/man --libexecdir=/usr/lib/sudo
--with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux
--with-linux-audit
Sudoers policy plugin version 1.8.16
---------
root@bs-ubuntu1604:~# uname -a
Linux bs-ubuntu1604 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:50:30 UTC
2017 x86_64 x86_64 x86_64 GNU/Linux
---------
root@bs-ubuntu1604:~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 bs-ubuntu1604.ethz.ch bs-ubuntu1604
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
root@bs-ubuntu1604:~# hostname
bs-ubuntu1604
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1591137
Title:
sudo ignores shortname aliases in sudoers file
Status in sudo package in Ubuntu:
Confirmed
Bug description:
Our sudoers file contains host aliases which all work fine on versions
of Ubuntu < 16.04.
On 16.04, it has become necessary to include the FQDN of the machine
in order for sudo permissions to be granted. I have reproduced this
problem on two cleanly-installed servers.
i.e.
This entry in /etc/sudoers does not work for members of sudo group:-
%sudo ourserver
This entry in /etc/sudoers does work for members of sudo group:-
%sudo ourserver.our.domain
Extra information which may be of interest:
'hostname' returns the shortname on both Ub1604 and Ub1404
installations
/etc/hosts lists machines by fqdn and then shortname on both platforms, i.e.
ip.ad.dr.es ourserver.our.domain ourserver
/etc/resolv.conf is set to search our.domain, same on both platforms
sudo package version is 1.8.16-0ubuntu1.1
Bw
John
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1591137/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
