freeipa

Clone
Source Code
GIT

#8168 sudo rule doesnt work
Closed: insufficientinfo 4 years ago by rcritten. Opened 4 years ago by elhamsadat.

Closed: insufficientinfo
Reopen Issue

Request for enhancement

As <persona, e.g. admin> , I want <what?> so that <why?>.

Issue

Hi friends
i define a SudoRule with this properties:

rulename : rsyslog_rule
Enabled : true
RunAs group Category : All
users :user-test
hosts: ipacli-irvlt01.mydomain.com
sudo Deny Commands : sudo /usr/bin/systemctl restart rsyslog

now i login with "user-test" into "ipacli-irvlt01" server and i try to run " sudo /usr/bin/systemctl restart rsyslog" command. i expected to doesnt allow to run this command but no action happend and i could run it!!!

why my sudo rule doesnt work?

Steps to Reproduce

1.
2.
3.

Actual behavior

allow to run deny command

Expected behavior

dont allow to run deny command

Version/Release/Distribution

$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server

Additional info:

this is less /var/log/sssd/sssd_domain.log:
(Sun Jan 12 13:59:01 2020) [sssd[be[lshs.dc]]] [orderly_shutdown] (0x0010): SIGTERM: killing children

this is /var/log/sssd/sssd_sudo.log
(Sun Jan 12 13:59:01 2020) [sssd[sudo]] [orderly_shutdown] (0x0010): SIGTERM: killing children

this is less /var/log/sudo_debug
Jan 12 14:19:27 sudo[17370] /etc/sudoers:53 CMNDALIAS ALIAS = COMMAND , COMMAND ARG , COMMAND ARG
Jan 12 14:19:27 sudo[17370] -> alias_add @ ./alias.c:120
Jan 12 14:19:27 sudo[17370] -> rcstr_addref @ ./rcstr.c:81
Jan 12 14:19:27 sudo[17370] <- rcstr_addref @ ./rcstr.c:88 := 0x55f2968e7714
Jan 12 14:19:27 sudo[17370] -> rbinsert @ ./redblack.c:177
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := -13
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := -6
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := -6
Jan 12 14:19:27 sudo[17370] -> rotate_right @ ./redblack.c:147
Jan 12 14:19:27 sudo[17370] <- rotate_right @ ./redblack.c:163
Jan 12 14:19:27 sudo[17370] <- rbinsert @ ./redblack.c:265 := 0
Jan 12 14:19:27 sudo[17370] <- alias_add @ ./alias.c:143 := (null)
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_txt @ ./toke_util.c:52
Jan 12 14:19:27 sudo[17370] <- fill_txt @ ./toke_util.c:80 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ff550
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ff650
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ff750
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ff850
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ff950
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ffa50
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ffb50
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ffc50
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] /etc/sudoers:54 CMNDALIAS ALIAS = COMMAND ARG , COMMAND ARG , COMMAND ARG , COMMAND ARG , COMMAND ARG , COMMAND ARG , COMMAND ARG , COMMAND ARG
Jan 12 14:19:27 sudo[17370] -> alias_add @ ./alias.c:120
Jan 12 14:19:27 sudo[17370] -> rcstr_addref @ ./rcstr.c:81
Jan 12 14:19:27 sudo[17370] <- rcstr_addref @ ./rcstr.c:88 := 0x55f2968e7714
Jan 12 14:19:27 sudo[17370] -> rbinsert @ ./redblack.c:177
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := 7
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := -3
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := -3
Jan 12 14:19:27 sudo[17370] <- rbinsert @ ./redblack.c:265 := 0
Jan 12 14:19:27 sudo[17370] <- alias_add @ ./alias.c:143 := (null)
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_txt @ ./toke_util.c:52
Jan 12 14:19:27 sudo[17370] <- fill_txt @ ./toke_util.c:80 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ffdd0
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968ffed0
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2968fffd0
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_cmnd @ ./toke_util.c:103
Jan 12 14:19:27 sudo[17370] <- fill_cmnd @ ./toke_util.c:124 := true
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] -> fill_args @ ./toke_util.c:132
Jan 12 14:19:27 sudo[17370] <- fill_args @ ./toke_util.c:162 := true
Jan 12 14:19:27 sudo[17370] -> new_member @ gram.y:956
Jan 12 14:19:27 sudo[17370] <- new_member @ gram.y:968 := 0x55f2969000d0
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_append_v1 @ ./lbuf.c:159
Jan 12 14:19:27 sudo[17370] -> sudo_lbuf_expand @ ./lbuf.c:69
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_expand @ ./lbuf.c:87 := true
Jan 12 14:19:27 sudo[17370] <- sudo_lbuf_append_v1 @ ./lbuf.c:190 := true
Jan 12 14:19:27 sudo[17370] /etc/sudoers:55 CMNDALIAS ALIAS = COMMAND ARG , COMMAND ARG , COMMAND ARG , COMMAND ARG
Jan 12 14:19:27 sudo[17370] -> alias_add @ ./alias.c:120
Jan 12 14:19:27 sudo[17370] -> rcstr_addref @ ./rcstr.c:81
Jan 12 14:19:27 sudo[17370] <- rcstr_addref @ ./rcstr.c:88 := 0x55f2968e7714
Jan 12 14:19:27 sudo[17370] -> rbinsert @ ./redblack.c:177
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := -10
Jan 12 14:19:27 sudo[17370] -> alias_compare @ ./alias.c:54
Jan 12 14:19:27 sudo[17370] <- alias_compare @ ./alias.c:62 := -4

Hi,
the sudo Deny Commands in your example is defined as sudo /usr/bin/systemctl restart rsyslog. Can you try to define /usr/bin/systemctl restart rsyslog instead?

Did this answer your question?

Metadata Update from @rcritten:
- Issue close_status updated to: insufficientinfo
- Issue status updated to: Closed (was: Open)
4 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.