Actions
Bug #13280
open
multiple line for user in technique sudoers
Status:
New
Priority:
N/A
Assignee:
-
Category:
Techniques
Target version:
-
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Medium
Priority:
58
Name check:
Fix check:
Regression:
Description
Hello,
I'm use technique sudoers and when a user modify on the server /etc/sudoers with visudo, rudder add new line for this user and not repair or delete the other line of this user.
For example if i'm change line Debian-snmp on node and run again rudder agent i've two line :
Debian-snmp ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /bin/wget Debian-snmp ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /usr/bin/mailq
If i'm read the description of technique :
- This technique configures the sudo utility. It will ensure that the defined rights for given users and groups are correctly defined.
it does not seem to be really that :)
Technique name
Sudoers version 3.0
Rudder 4.1
Updated by François ARMAND about 6 years ago
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Operational - other Techniques | Technique editor | Rudder settings
- Priority changed from 0 to 75
Hum. The underlying implementation make that hard, and we fear that the technique need to be changed a lot to correct the underlying problem (use a template based approach? Add an "that user must have exactly that right an no other line" option?)
Updated by Benoît PECCATTE about 6 years ago
- Effort required set to Medium
- Priority changed from 75 to 58
Actions