sudoers nopasswd screwiness

[Craig White]

On Sat, 2011-12-10 at 07:47 -0700, compdoc wrote:
> > sort of where I am at this point and in the meantime, I've copied the
> lines from
> >/etc/sudoers.d/user into /etc/sudoers and commented them in
> /etc/sudoers.d/user 
> >(apparently sudo is very unhappy to have identical rules) and I'm at least
> function 
> >but still scratching my head.
> 
> Funny how that worked out...
----
not really because this forces me to put this 'rule' into all the
systems.

not really because this occurred only on 2 specific servers while other
servers worked fine with the same 'rule' in /etc/sudoers.d/user

not really because the whole notion of idempotence
http://en.wikipedia.org/wiki/Idempotence
and considering that these servers all have a base install with just
openssh-server package added and the rest of the packages installed from
the same puppet manifests, it makes me wonder about the consistency of
Ubuntu.

so while you are trying to score some victory over useless advice such
as putting this rule in /etc/sudoers where it's clear from the man page
that entries in /etc/sudoers.d/some_file should equally function and
actually **sometimes** does and **sometimes** doesn't is clearly a bug
and is indicative of a larger issue at hand. Not to mention your
suggestion of giving sudo privileges "ALL=(ALL:ALL) NOPASSWD:ALL" which
is the kind of thing that you do on a single user system and would be
incredibly foolish on a series of network servers. Not to mention your
suggestion that rsync doesn't need sudo privileges which of course
ignores the obvious problem that sudo is invoked because the user isn't
capable of accessing some of the files/folders without it so I guess
that the only other useless advice you didn't offer is why didn't I just
run the script as root instead.

Thanks

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.