Bug #14381

open

Directive Sudoers allow both passwordless sudo and all commands.

Added by Matthew Frost over 5 years ago. Updated 5 months ago.

Status: New
Priority: N/A
Category: Techniques
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility: Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority: 0
Name check:
Fix check:
Regression:

Description

Hello Rudder,

During my testing yesterday we attempted to allow a user on our staging server to execute passwordless sudo and all commands, but we found that when you enable the following options in the directive:

  • Allow the entity to execute the given commands without entering his password (true)
  • Allow the entity to execute all commands (true)
  • Commands allowed to this entity - Optional (EMPTY)

The sudoers file results in the following:

#includedir /etc/sudoers.d
# begin_section_user
user    ALL=(ALL) ALL

This does allow the user to execute sudo commands but prompts for a password. Our goal would be to allow all sudo commands on staging without entering a password.

Thank you!

Actions #1

Updated by Alexis Mousset over 5 years ago

  • Description updated (diff)
  • Category set to Techniques
  • Target version set to 5.0.7
Actions #2

Updated by François ARMAND over 5 years ago

  • Target version changed from 5.0.7 to 5.0.9
Actions #3

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.9 to 5.0.10
Actions #4

Updated by Nicolas CHARLES over 5 years ago

Hi Matthew

What would be the expected content of sudo config file to achieve that correctly in your opinion?

Actions #5

Updated by Matthew Frost over 5 years ago

Hello Nicolas,

It would be:

myuser ALL=(ALL) NOPASSWD:ALL for a single user, or

%sudo ALL=(ALL) NOPASSWD:ALL for a group.
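
The difference between the reported and the expected sudoers content can be checked mechanically. The following is an added example, not code from this thread or from Rudder: `parse_entry` and `passwordless_all` are hypothetical helper names, the grammar is a simplified subset of sudoers (one user specification per line, no aliases or line continuations), and `visudo -c` remains the authoritative syntax check.

```python
import re

# Simplified user spec: WHO HOSTS=(RUNAS) [TAG:]CMD[, [TAG:]CMD ...]
ENTRY = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAG = re.compile(r"^(NOPASSWD|PASSWD)\s*:\s*")

def parse_entry(line):
    """Return (who, [(command, password_required), ...]), or None for other lines."""
    line = line.strip()
    # Comments, '#includedir', Defaults and *_Alias definitions are not entries.
    if not line or line.startswith("#") or line.startswith("Defaults"):
        return None
    if line.split()[0].endswith("_Alias"):
        return None
    m = ENTRY.match(line)
    if not m:
        return None
    need_pw = True  # sudo authenticates unless a NOPASSWD tag says otherwise
    cmds = []
    for item in m.group("cmds").split(","):
        item = item.strip()
        # A tag applies to its command and is inherited by the following ones.
        while (t := TAG.match(item)):
            need_pw = t.group(1) == "PASSWD"
            item = item[t.end():]
        cmds.append((item, need_pw))
    return m.group("who"), cmds

def passwordless_all(text, who):
    """True if `who` may run ALL commands without a password prompt."""
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed and parsed[0] == who and ("ALL", False) in parsed[1]:
            return True
    return False

# Content reported in the description, and the two lines given as expected.
OBSERVED = "#includedir /etc/sudoers.d\n# begin_section_user\nuser    ALL=(ALL) ALL\n"
EXPECTED = "myuser ALL=(ALL) NOPASSWD:ALL\n%sudo ALL=(ALL) NOPASSWD:ALL\n"

if __name__ == "__main__":
    print(passwordless_all(OBSERVED, "user"))    # reported output: still prompts
    print(passwordless_all(EXPECTED, "myuser"))  # expected output: no prompt
```
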

Actions #6

Updated by François ARMAND over 5 years ago

  • Assignee set to Félix DALLIDET
  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Getting started - demo | first install | Technique editor and level 1 Techniques
  • Priority changed from 0 to 93
Actions #7

Updated by François ARMAND over 5 years ago

  • Severity changed from Critical - prevents main use of Rudder | no workaround | data loss | security to Minor - inconvenience | misleading | easy workaround
  • Priority changed from 93 to 50

In fact, I misunderstood the problem: here, it asks for the password when it should not (so it's more minor than critical)

Actions #8

Updated by Félix DALLIDET over 5 years ago

  • Status changed from New to In progress
Actions #9

Updated by Félix DALLIDET over 5 years ago

I was unable to reproduce on a Debian 9 platform; I tested it in 5.0.6 and 5.0.9.
Could you double-check if the issue is still relevant? If so, could you describe precisely the steps and environment needed to reproduce?

Actions #10

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.10 to 5.0.11
  • Priority changed from 50 to 49
Actions #11

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.11 to 5.0.12
Actions #12

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.12 to 5.0.13
  • Priority changed from 49 to 48
Actions #13

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.13 to 5.0.14
  • Priority changed from 48 to 47
Actions #14

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.14 to 5.0.15
  • Priority changed from 47 to 46
Actions #15

Updated by Vincent MEMBRÉ almost 5 years ago

  • Target version changed from 5.0.15 to 5.0.16
  • Priority changed from 46 to 44
Actions #16

Updated by Alexis Mousset almost 5 years ago

  • Target version changed from 5.0.16 to 5.0.17
  • Priority changed from 44 to 42
Actions #17

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.17 to 5.0.18
Actions #18

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.18 to 5.0.19
Actions #19

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 5.0.19 to 5.0.20
Actions #20

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 5.0.20 to 797
Actions #21

Updated by Benoît PECCATTE over 3 years ago

  • Target version changed from 797 to 6.1.14
Actions #22

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.14 to 6.1.15
Actions #23

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.15 to 6.1.16
Actions #24

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.16 to 6.1.17
Actions #25

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.17 to 6.1.18
Actions #26

Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 6.1.18 to 6.1.19
Actions #27

Updated by Alexis Mousset almost 3 years ago

  • Status changed from In progress to New
Actions #28

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.19 to 6.1.20
  • Priority changed from 42 to 43
Actions #29

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.20 to 6.1.21
Actions #30

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 6.1.21 to old 6.1 issues to relocate
  • Priority changed from 43 to 44
Actions #31

Updated by Alexis Mousset 7 months ago

  • Target version changed from old 6.1 issues to relocate to 7.3.15
  • Priority changed from 44 to 0
Actions #32

Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 7.3.15 to 7.3.16
Actions #33

Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 7.3.16 to 7.3.17