Subject: Re: sudo doesn't ask for password
To: mortee <mortee.lists@kavemalna.hu>
From: Quentin Garnier <cube@cubidou.net>
List: tech-security
Date: 10/19/2007 11:36:14
--kXdP64Ggrk/fb43R
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 19, 2007 at 09:41:58AM +0200, mortee wrote:
> Hello,
>=20
> sorry if this isn't an appropriate forum for my problem, but I don't
> really know where else to ask. I'm wondering if anyone else has
> encountered what I have, what may be the cause and the solution.
>=20
> I have a i386 box running NBSD 2.0. I recently transitioned from
> pkgsrc-2007Q2 to pkgsrc-2007Q3, along with which sudo got updated from
> 1.6.8pl12nb4 to 1.6.9p6.
>=20
> I just noticed that sudo fails to ask me for my password, when it would
> be supposed to.
>=20
> $ id
> uid=3D1000(morton) gid=3D100(users)
> groups=3D100(users),0(wheel),5(operator),39(nobody),1002(kormendi),1003(m=
orton)
> $ sudo id
> uid=3D0(root) gid=3D0(wheel)
> groups=3D0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest)
> $ sudo -l
> User morton may run the following commands on this host:
>     (ALL) ALL
>     (%morton) NOPASSWD: ALL
>     (root) NOPASSWD: /usr/pkg/sbin/smartctl -A /dev/wd?d
> $ sudo -k
> $ sudo ls
> .Xauthority
> .bittorrent
> ...
>=20
> I know for sure that it worked as expected before the upgrade. I don't
> have any timeout settings in my sudoers file, so it is at its default
> value. However, after sudo -k, it should ask for a password anyway. I
> haven't altered my sudoers file since the upgrade.
>=20
> Also note that as root, I should only be able to run that smartctl
> command without a password prompt; and also run anything as someone in
> the group morton, which root is not. So in all other cases, I should be
> prompted for my password.
>=20
> Can anyone shred any light on this?

Well, the second line in sudo -l output means you don't have to type
your password when you belong to group "morton".  I don't see how any
update would have changed anything there.

--=20
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"See the look on my face from staying too long in one place
[...] every time the morning breaks I know I'm closer to falling"
KT Tunstall, Saving My Face, Drastic Fantastic, 2007.

--kXdP64Ggrk/fb43R
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (NetBSD)

iQEVAwUBRxh6jtgoQloHrPnoAQIRkQf/VYJr6p4R0tHCE6dEaqk8DSevEe4kbXgq
ghFKD1xA9741mSLOa7zXiWiRUnJ2ZrxRbCB/+jJNUP0vDpJHbcW9lu56R/tKSOsw
P3HOkvg2fR5bREql+AQLa3B6nOODZNS+Gg6SQpsSF6/5YwkbdrvfN+5D16ecTA1t
PIT8pr0tR+sGSPs3AZNyBp6fBrHbT6Uq2u7nopkJi0DvGwPRSxaVyDRvMEJZy1gU
ME/Bimt/7VPMDuG+xzl+x5yvfT+5zjfDg/P5Lj/f/FDRwlUoiQwkaGVL1Jfbb4YU
JfUs/ms9hz31aXQsTeSc50RlGz3X6biZHroEmX0th0LEOR8OdqK4MA==
=22pI
-----END PGP SIGNATURE-----

--kXdP64Ggrk/fb43R--