KB-2988: Group sudoers file syntax not working after update to sudo v1.8

Tips for finding Knowledge Articles

- Enter just a few key words related to your question or problem
- Add Key words to refine your search as necessary
- Do not use punctuation
- Search is not case sensitive
- Avoid non-descriptive filler words like "how", "the", "what", etc.
- If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
- Minimum supported Internet Explorer version is IE9

Home >

KB-2988: Group sudoers file syntax not working after update to sudo v1.8

Product:

Authentication Service ,

Published:

12 April,16 at 11:31 AM

Rating:

Applies to: All versions of Centrify DirectControl on RedHat/Centos 6.4. & Sudo v1.8. (note: Redhat 6.4 has moved from using Sudo v1.7 to v1.8)

Problem:

The following sudo lines do not work, despite the group being listed in both parameters (auto.schema.groups and auto.schema.allow.groups) in /etc/centrifydc/centrifydc.conf

The sudo version is 1.8

In the following example, "security admins" is the test group. Notice the space in the group name. Normally, the spaces are escaped with backslashes. The domain could also be specified previously.

%domain\\security\ admins ALL=(ALL) ALL

Or:

%domain\\security_admins ALL=(ALL) ALL

Both of the above should fail if a user in security admins tries to sudo to root.

Workaround:

Use underscores instead of spaces, additionally the feature for specifying a domain has been depreciated.

The following example will work:

%security_admins ALL=(ALL) ALL

Resolution:

None. This is how sudoers works in v1.8.

KB-2988: Group sudoers file syntax not working after update to sudo v1.8

PLATFORM

COMPANY

SERVICES

SUPPORT

COMMUNITIES

DEVELOPERS

RESOURCES

Related Articles

KB-2988: Group sudoers file syntax not working after update to sudo v1.8

Related Articles

PLATFORM

COMPANY

SERVICES

SUPPORT

COMMUNITIES

DEVELOPERS

RESOURCES