Project

General

Profile

Actions

Bug #13280

open

multiple line for user in technique sudoers

Added by Maxime Longuet over 6 years ago. Updated about 6 years ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Techniques
Target version:
-
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Medium
Priority:
58
Name check:
Fix check:
Regression:

Description

Hello,

I'm use technique sudoers and when a user modify on the server /etc/sudoers with visudo, rudder add new line for this user and not repair or delete the other line of this user.

For example if i'm change line Debian-snmp on node and run again rudder agent i've two line :

Debian-snmp    ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /bin/wget
Debian-snmp    ALL=(ALL) NOPASSWD:/usr/bin/apt-get --simulate upgrade, /bin/grep, /usr/bin/mailq

If i'm read the description of technique :

  • This technique configures the sudo utility. It will ensure that the defined rights for given users and groups are correctly defined.

it does not seem to be really that :)

Technique name
Sudoers version 3.0

Rudder 4.1

Actions #1

Updated by François ARMAND about 6 years ago

  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 75

Hum. The underlying implementation make that hard, and we fear that the technique need to be changed a lot to correct the underlying problem (use a template based approach? Add an "that user must have exactly that right an no other line" option?)

Actions #2

Updated by Benoît PECCATTE about 6 years ago

  • Effort required set to Medium
  • Priority changed from 75 to 58
Actions

Also available in: Atom PDF