Re: can't figure out a problem with sudo

From: Lowell Gilbert (freebsd-questions-local_at_be-well.ilk.org)
Date: 12/19/03

    To: "KURT BUFF" <kurtbuff@spro.net>
    Date: 18 Dec 2003 19:59:59 -0500
    
    

    "KURT BUFF" <kurtbuff@spro.net> writes:

    > I'm starting to lose some hair, running a command through sudo. Other
    > commands work just fine through sudo, just one of them doesn't work.
    >
    > The command is this:
    >
    > sudo cp /home/filter/pfm/relay_recipients /usr/local/etc/postfix.
    >
    > It fails with the following error message:
    >
    > Sorry, user filter is not allowed to execute '/bin/cp
    > /home/filter/pfm/relay_recipients /usr/local/etc/postfix' as root on
    > mail2.

    Looks correct. I don't see anything that allows this command. What
    is COPYRELAY supposed to do?

    > The command that comes after that:
    >
    > sudo /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients

    Which is covered by MAP, so it makes sense that should work.

    > works just fine.
    >
    > I've included the directory listing below, and the sudoers file.
    >
    > Any help would be greatly appreciated.
    >
    > Thanks,
    >
    > Kurt
    >
    > ----------snip here----------
    > mail2% ls -al /usr/local/etc/postfix
    > total 298
    > drwxr-xr-x 3 root wheel 2048 Dec 17 17:46 .
    > drwxr-xr-x 4 root wheel 512 Dec 17 18:05 ..
    > -rw-r--r-- 1 root wheel 11942 Jun 27 15:38 LICENSE
    > -rw-r--r-- 1 root wheel 8652 Jun 27 15:38 access
    > -rw-r--r-- 1 root wheel 245 Jun 28 20:18 aliases
    > -rw-r--r-- 1 root wheel 65536 Jun 28 20:46 aliases.db
    > -rw-r--r-- 1 root wheel 7559 Jun 27 15:38 canonical
    > -rw-r--r-- 1 root wheel 1152 Dec 17 17:46 main.cf
    > -rw-r--r-- 1 root wheel 9176 Jun 27 15:38 main.cf.default
    > -rw-r--r-- 1 root wheel 9176 Nov 25 17:07 main.cf.original
    > -rw-r--r-- 1 root wheel 2001 Dec 8 15:11 master.2003-12-08
    > -rw-r--r-- 1 root wheel 2001 Dec 8 16:05 master.cf
    > -rw-r--r-- 1 root wheel 5859 Jun 27 15:41 master.cf.original
    > -rwxr-xr-x 1 root wheel 6035 Jun 27 15:43 master.cf.updated
    > -rw-r--r-- 1 root wheel 7676 Jun 27 15:38 pcre_table
    > -rwxr-xr-x 1 root wheel 18866 Jun 27 15:38 post-install
    > -rw-r--r-- 1 root wheel 8643 Jun 27 15:38 postfix-files
    > -rwxr-xr-x 1 root wheel 5424 Jun 27 15:38 postfix-script
    > -rw-r--r-- 1 root wheel 4901 Jun 27 15:38 regexp_table
    > -rw-r--r-- 1 root wheel 0 Dec 17 17:46 relay_recipients
    > -rw-r--r-- 1 root wheel 65536 Dec 17 17:54 relay_recipients.db
    > -rw-r--r-- 1 root wheel 5070 Jun 27 15:38 relocated
    > drwxr-xr-x 2 root wheel 1536 Dec 15 16:47 samples
    > -rw-r--r-- 1 root wheel 499 Jun 27 15:44 transport
    > -rw-r--r-- 1 root wheel 65536 Jun 28 14:07 transport.db
    > -rw-r--r-- 1 root wheel 9131 Jun 27 15:43 transport.original
    > -rw-r--r-- 1 root wheel 9682 Jun 27 15:38 virtual
    > ----------snip here----------
    >
    >
    >
    > ----------snip here----------
    > # sudoers file.
    > #
    > # This file MUST be edited with the 'visudo' command as root.
    > #
    > # See the sudoers man page for the details on how to write a sudoers file.
    > #
    >
    > # Host alias specification
    >
    > # User alias specification
    > User_Alias FILTER = filter
    >
    > # Cmnd alias specification
    > Cmnd_Alias RELOAD = /usr/local/sbin/postfix reload
    > Cmnd_Alias MAP = /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients
    > Cmnd_Alias RECIPS = /usr/local/etc/postfix/relay_recipients
    > Cmnd_Alias DB = /usr/local/etc/etc/postfix/relay_recipients.db
    > Cmnd_Alias COPYRELAY = /bin/cp /usr/local/etc/postfix
    > Cmnd_Alias RMRELAY = /bin/rm /usr/local/etc/postfix
    >
    > # Defaults specification
    > Defaults syslog=auth
    > Defaults:filter !authenticate
    >
    > # User privilege specification
    > root ALL=(ALL) ALL
    > FILTER ALL=RELOAD, MAP, RECIPS, DB, COPYRELAY, RMRELAY
    >
    > # Uncomment to allow people in group wheel to run all commands
    > # %wheel ALL=(ALL) ALL
    >
    > # Same thing without a password
    > # %wheel ALL=(ALL) NOPASSWD: ALL
    >
    > # Samples
    > # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
    > # %users localhost=/sbin/shutdown -h now
    > ----------snip here----------
    >

    -- 
    Lowell Gilbert, embedded/networking software engineer, Boston area: 
    		resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
    		username/password "public"
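
Why the `cp` is refused while the `postmap` call is accepted, as an added example that is not part of the original thread: a simplified Python model of how sudoers compares the arguments in a Cmnd entry with the command line that was typed. `FIXED`, `WILD` and `CP3` are hypothetical values constructed for illustration, and command paths are compared literally here, whereas sudo also accepts wildcards in the path.

```python
import fnmatch

# Command aliases copied from the sudoers file quoted in the post.
MAP = "/usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients"
COPYRELAY = "/bin/cp /usr/local/etc/postfix"
# Hypothetical alternatives, not from the thread.
FIXED = "/bin/cp /home/filter/pfm/relay_recipients /usr/local/etc/postfix"
WILD = "/bin/cp * /usr/local/etc/postfix"

# Resolved command lines, as sudo shows them in its error message.
CP = ["/bin/cp", "/home/filter/pfm/relay_recipients", "/usr/local/etc/postfix"]
POSTMAP = ["/usr/local/sbin/postmap", "/usr/local/etc/postfix/relay_recipients"]
# Constructed sample: a three-argument cp that WILD's author did not intend.
CP3 = ["/bin/cp", "/home/filter/a", "/home/filter/b", "/usr/local/etc/postfix"]


def allowed(spec, argv):
    """Return True if the sudoers command spec permits the resolved argv."""
    path, _, spec_args = spec.partition(" ")
    if path != argv[0]:
        return False
    user_args = " ".join(argv[1:])
    if not spec_args:
        return True              # no arguments listed: any arguments are allowed
    if spec_args == '""':
        return user_args == ""   # "" in sudoers: no arguments are allowed
    # Arguments are compared as ONE joined string, so a wildcard can match
    # across spaces and slashes.
    return fnmatch.fnmatchcase(user_args, spec_args)


def report():
    """Evaluate each spec against the sample command lines."""
    return {
        "COPYRELAY vs cp": allowed(COPYRELAY, CP),  # denied: args differ
        "MAP vs postmap": allowed(MAP, POSTMAP),    # permitted: exact match
        "FIXED vs cp": allowed(FIXED, CP),          # permitted: exact match
        "FIXED vs cp3": allowed(FIXED, CP3),        # denied
        "WILD vs cp": allowed(WILD, CP),            # permitted
        "WILD vs cp3": allowed(WILD, CP3),          # also permitted: too broad
    }


if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:18} {'permitted' if ok else 'denied'}")
```

An entry that spells out both the source and the destination is the narrowest grant; a `*` in the argument list also admits command lines with extra arguments.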