RE: runas_default= not working as expected. Dropping to root.
RE: runas_default= not working as expected. Dropping to root.
- From: "Sotomayor, Vicente (ITD)" <vicente.sotomayor [at] state.ma.us>
- To: "arjen [at] itcloud.nl" <arjen [at] itcloud.nl>, "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: RE: runas_default= not working as expected. Dropping to root.
- Date: Thu, 28 Jul 2011 09:18:32 -0400
Seems that sudo -i behaved correctly in that it gave you a root prompt. I don't
know how it could have given you tomcat access with the rules that you have.
Could it be that this is in the wrong place? Should it be a sudo rule and not an
option?
sudo: ldap sudoOption: 'runas_default=tomcat'
According to the man pages for the -i option:
-i [command]
The -i (simulate initial login) option runs the shell
specified in the passwd(5) entry of the target user as a
login shell. This means that login-specific resource files
such as .profile or .login will be read by the shell. If a
command is specified, it is passed to the shell for
execution. Otherwise, an interactive shell is executed.
sudo attempts to change to that user's home directory
before running the shell. It also initializes the
environment, leaving DISPLAY and TERM unchanged, setting
HOME, SHELL, USER, LOGNAME, and PATH, as well as the
contents of /etc/environment on Linux and AIX systems. All
other environment variables are removed.
________________________________________
From:
nss-pam-ldapd-users-bounces+vicente.sotomayor=state.ma.us@lists.arthurdejong.org
[nss-pam-ldapd-users-bounces+vicente.sotomayor=state.ma.us@lists.arthurdejong.org]
On Behalf Of arjen@itcloud.nl [arjen@itcloud.nl]
Sent: Wednesday, July 27, 2011 7:40 AM
To: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: runas_default= not working as expected. Dropping to root.
Hello,
I'm running Debian squeeze and getting unexpected results when running
'sudo -i': I expected a bash shell as the configured runas_default=tomcat, but
instead I'm receiving a shell running as root.
If someone could point me to my error I would gladly appreciate it.
Arjen.
libnss-ldapd 0.7.13
libpam-ldapd 0.7.13
sudo-ldap 1.7.4p4-2.squeeze.2
------
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://127.0.0.1/
# The search base that will be used for all queries.
base dc=base,dc=nl
# The LDAP protocol version to use.
ldap_version 3
# The DN to bind with for normal lookups.
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
timelimit 20
idle_timelimit 300
# SSL options
ssl start_tls
tls_reqcert never
# The search scope.
#scope sub
------
------
root@node1:~# nslcd -d
nslcd: DEBUG: add_uri(ldap://127.0.0.1/)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,0)
nslcd: version 0.7.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No
such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(111) done
nslcd: DEBUG: setuid(107) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [8b4567] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_start_tls_s()
nslcd: [8b4567] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [8b4567] DEBUG: ldap_result(): end of results
nslcd: [7b23c6] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [7b23c6] DEBUG: nslcd_group_bymember(johndoe)
nslcd: [7b23c6] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_start_tls_s()
nslcd: [7b23c6] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [7b23c6] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(|(memberUid=johndoe)(uniqueMember=uid=johndoe,ou=People,dc=base,dc=nl)))")
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [3c9869] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [3c9869] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_start_tls_s()
nslcd: [3c9869] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [334873] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [334873] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [334873] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_start_tls_s()
nslcd: [334873] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [334873] DEBUG: ldap_result(): end of results
nslcd: [b0dc51] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [b0dc51] DEBUG: nslcd_pam_authc("johndoe","","sshd","***")
nslcd: [b0dc51] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [b0dc51] DEBUG:
myldap_search(base="uid=johndoe,ou=People,dc=base,dc=nl",
filter="(objectClass=posixAccount)")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] DEBUG:
ldap_simple_bind_s("uid=johndoe,ou=People,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [b0dc51] DEBUG: ldap_unbind()
nslcd: [b0dc51] DEBUG: bind successful
nslcd: [495cff] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [495cff] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [495cff] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [495cff] DEBUG: ldap_result(): end of results
nslcd: [e8944a] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [e8944a] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e8944a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e8944a] DEBUG: ldap_result(): end of results
nslcd: [5558ec] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [5558ec] DEBUG:
nslcd_pam_authz("johndoe","uid=johndoe,ou=People,dc=base,dc=nl","sshd","","johndoe.office.fake.nl","ssh")
nslcd: [8e1f29] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [8e1f29] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [8e1f29] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [8e1f29] DEBUG: ldap_result(): end of results
nslcd: [e87ccd] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [e87ccd] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e87ccd] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e87ccd] DEBUG: ldap_result(): end of results
nslcd: [1b58ba] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [1b58ba] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [1b58ba] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [1b58ba] DEBUG: ldap_result(): end of results
nslcd: [7ed7ab] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [7ed7ab] DEBUG:
nslcd_pam_sess_o("johndoe","","sshd","ssh","johndoe.office.fake.nl","")
nslcd: [b141f2] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [b141f2] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [b141f2] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b141f2] DEBUG: ldap_result(): end of results
nslcd: [b71efb] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [b71efb] DEBUG: nslcd_group_bymember(johndoe)
nslcd: [b71efb] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b71efb] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(|(memberUid=johndoe)(uniqueMember=uid=johndoe,ou=People,dc=base,dc=nl)))")
nslcd: [b71efb] DEBUG: ldap_result(): end of results
nslcd: [e2a9e3] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [e2a9e3] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e2a9e3] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e2a9e3] DEBUG: ldap_result(): end of results
nslcd: [45e146] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [45e146] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [45e146] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [45e146] DEBUG: ldap_result(): end of results
nslcd: [5f007c] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [5f007c] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [5f007c] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [5f007c] DEBUG: ldap_result(): end of results
nslcd: [d062c2] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [d062c2] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [d062c2] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [d062c2] DEBUG: ldap_result(): end of results
nslcd: [200854] DEBUG: connection from pid=27548 uid=5060 gid=100
nslcd: [200854] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [200854] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [200854] DEBUG: ldap_result(): end of results
nslcd: [b127f8] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [b127f8] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [b127f8] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [b127f8] DEBUG: ldap_result(): end of results
nslcd: [16231b] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [16231b] DEBUG: nslcd_group_bygid(3005)
nslcd: [16231b] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(gidNumber=3005))")
nslcd: [16231b] DEBUG: ldap_result(): end of results
nslcd: [16e9e8] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [16e9e8] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [16e9e8] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [16e9e8] DEBUG: ldap_result(): end of results
nslcd: [90cde7] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [90cde7] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [90cde7] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [90cde7] error writing to client: Broken pipe
nslcd: [ef438d] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [ef438d] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [ef438d] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [ef438d] DEBUG: ldap_result(): end of results
nslcd: [0e0f76] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [0e0f76] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [0e0f76] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [0e0f76] error writing to client: Broken pipe
nslcd: [52255a] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [52255a] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [52255a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [52255a] DEBUG: ldap_result(): end of results
nslcd: [9cf92e] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [9cf92e] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [9cf92e] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [9cf92e] error writing to client: Broken pipe
nslcd: [ed7263] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [ed7263] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [ed7263] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [ed7263] DEBUG: ldap_result(): end of results
nslcd: [dcc233] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [dcc233] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [dcc233] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [dcc233] error writing to client: Broken pipe
nslcd: [efd79f] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [efd79f] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [efd79f] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [efd79f] DEBUG: ldap_result(): end of results
nslcd: [a7c4c9] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [a7c4c9] DEBUG: nslcd_group_bymember(root)
nslcd: [a7c4c9] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=root))")
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results
nslcd: [a7c4c9] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(memberUid=root))")
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results
nslcd: [68079a] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [68079a] DEBUG: nslcd_group_bygid(3005)
nslcd: [68079a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(gidNumber=3005))")
nslcd: [68079a] DEBUG: ldap_result(): end of results
nslcd: [6afb66] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [6afb66] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [6afb66] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [6afb66] DEBUG: ldap_result(): end of results
nslcd: [e45d32] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [e45d32] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [e45d32] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [e45d32] DEBUG: ldap_result(): end of results
^Cnslcd: [a7c4c9] DEBUG: ldap_unbind()
nslcd: [6afb66] DEBUG: ldap_unbind()
nslcd: [68079a] DEBUG: ldap_unbind()
nslcd: [e45d32] DEBUG: ldap_unbind()
nslcd: [efd79f] DEBUG: ldap_unbind()
nslcd: caught signal SIGINT (2), shutting down
nslcd: version 0.7.13 bailing out
root@node1:~#
------
------
johndoe@node1:/$ sudo -l
LDAP Config Summary
===================
uri ldap://127.0.0.1/
ldap_version 3
sudoers_base ou=sudoers,dc=base,dc=nl
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
bind_timelimit 2000
ssl (no)
tls_checkpeer (no)
===================
sudo: ldap_initialize(ld, ldap://127.0.0.1/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 2)
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoOption: 'authenticate'
sudo: ldap sudoOption: 'syslog=auth'
sudo: ldap sudoOption: 'insults'
sudo: ldap sudoOption: '!mail_no_user'
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoOption: '!authenticate'
sudo: ldap sudoOption: 'runas_default=tomcat'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(52)=0x82
Matching Defaults entries for johndoe on this host:
env_reset, authenticate, syslog=auth, insults, !mail_no_user
sudo: ldap search
'(|(sudoUser=johndoe)(sudoUser=%users)(sudoUser=%rw_development)(sudoUser=ALL))'
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost 'linux14' ... not
sudo: ldap search 'sudoUser=+*'
User johndoe may run the following commands on this host:
(root) NOPASSWD: /bin/bash
(root) NOPASSWD: /usr/bin/ngrep *, /bin/kill *, /etc/init.d/tomcat
*,
(root) NOPASSWD: /bin/chown tomcat *, /bin/chown -R tomcat *,
johndoe@node1:/$ sudo -i
LDAP Config Summary
===================
uri ldap://127.0.0.1/
ldap_version 3
sudoers_base ou=sudoers,dc=base,dc=nl
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
bind_timelimit 2000
ssl (no)
tls_checkpeer (no)
===================
sudo: ldap_initialize(ld, ldap://127.0.0.1/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 2)
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoOption: 'authenticate'
sudo: ldap sudoOption: 'syslog=auth'
sudo: ldap sudoOption: 'insults'
sudo: ldap sudoOption: '!mail_no_user'
sudo: ldap search
'(|(sudoUser=johndoe)(sudoUser=%users)(sudoUser=%rw_development)(sudoUser=ALL))'
sudo: found:cn=full_batch_access,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoCommand '/bin/bash' ... MATCH!
sudo: Command allowed
sudo: ldap sudoOption: '!authenticate'
sudo: ldap sudoOption: 'runas_default=tomcat'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(0)=0x02
root@node1:~#
------
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
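An added example, not from either poster: a small Python parser for the `sudo -i` LDAP debug trace quoted in the thread. It groups each `sudoOption` under the LDAP entry (`sudo: found:`) that contributed it, so the placement of `runas_default` that the reply asks about (cn=defaults entry versus a sudoRole) can be checked mechanically. The trace excerpt is copied from the post and embedded as constructed input.

```python
import re

# Constructed input: the `sudo -i` debug trace quoted in the post above,
# embedded here so the example runs offline.
SUDO_I_TRACE = """\
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoOption: 'authenticate'
sudo: ldap sudoOption: 'syslog=auth'
sudo: ldap sudoOption: 'insults'
sudo: ldap sudoOption: '!mail_no_user'
sudo: ldap search '(|(sudoUser=johndoe)(sudoUser=%users)(sudoUser=%rw_development)(sudoUser=ALL))'
sudo: found:cn=full_batch_access,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoCommand '/bin/bash' ... MATCH!
sudo: Command allowed
sudo: ldap sudoOption: '!authenticate'
sudo: ldap sudoOption: 'runas_default=tomcat'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(0)=0x02
"""

# One regex per trace line shape we care about; every other line is ignored.
FOUND_RE = re.compile(r"^sudo: found:(?P<dn>.+)$")
OPTION_RE = re.compile(r"^sudo: ldap sudoOption: '(?P<opt>[^']*)'$")
MATCH_RE = re.compile(
    r"^sudo: ldap (?P<kind>sudoHost|sudoCommand) '(?P<val>[^']*)' \.\.\. (?P<res>MATCH!|not)$")
LOOKUP_RE = re.compile(r"^sudo: sudo_ldap_lookup\(\d+\)=0x(?P<code>[0-9a-fA-F]+)$")

def parse_trace(text):
    """Group the trace by the LDAP entry (`sudo: found:` line) each line belongs to.
    Returns {"entries": [{dn, options, hosts, commands}, ...], "lookup": int|None};
    hosts/commands hold (value, matched) pairs in trace order."""
    entries, current = [], None
    result = {"entries": entries, "lookup": None}
    for line in text.splitlines():
        if m := FOUND_RE.match(line):
            current = {"dn": m["dn"], "options": [], "hosts": [], "commands": []}
            entries.append(current)
        elif (m := OPTION_RE.match(line)) and current is not None:
            current["options"].append(m["opt"])
        elif (m := MATCH_RE.match(line)) and current is not None:
            key = "hosts" if m["kind"] == "sudoHost" else "commands"
            current[key].append((m["val"], m["res"] == "MATCH!"))
        elif m := LOOKUP_RE.match(line):
            result["lookup"] = int(m["code"], 16)
    return result

def runas_default_locations(parsed):
    """(dn, value) for every runas_default option, showing whether it sits in the
    cn=defaults entry or inside a sudoRole (the placement questioned in the reply)."""
    return [(e["dn"], opt.split("=", 1)[1])
            for e in parsed["entries"] for opt in e["options"]
            if opt.startswith("runas_default=")]

def allowed_roles(parsed):
    """DNs of entries where at least one sudoHost and one sudoCommand matched."""
    return [e["dn"] for e in parsed["entries"]
            if any(ok for _, ok in e["hosts"]) and any(ok for _, ok in e["commands"])]
```

Running `runas_default_locations(parse_trace(SUDO_I_TRACE))` on the quoted trace places the only `runas_default=tomcat` inside cn=full_batch_access, not in cn=defaults, which is the distinction the reply raises.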