Is there another news group that would be more appropriate for this
question? I've also tried alt.linux.redhat.
thanks,
Cooper
On Sun, 04 Dec 2005 15:20:37 -0500, Cooper Blake <(E-Mail Removed)>
wrote:
> Hi All,
>
> I am usually a read-only browser of news groups, but I cannot figure
> this problem out. I have a fully patched Fedora Core 4 installation on
> one machine, and I am accessing it through an SSH connection on the same
> 192.168.3.0 subnet from a Windows XP box.
>
> I set up SSH so that the root user cannot log in, so I am using sudo to
> run certain commands. Sudo is working perfectly in the following
> sudoers configuration:
>
> ------------------------------------------
> Host_Alias SUBNET = 192.168.3.0/24
>
> root ALL=(ALL) ALL
>
> %wheel ALL= /sbin/shutdown -r now
> %wheel ALL= NOPASSWD: /bin/mount /mnt/xp-store, /bin/umount /mnt/xp-store
> %wheel ALL= NOPASSWD: /usr/local/bin/backup-xp-data.sh
> %wheel ALL= NOPASSWD: /usr/bin/less /var/log/messages
> %wheel ALL= NOPASSWD: /bin/mail -u root
> %wheel ALL= NOPASSWD: /sbin/mdadm -D /dev/md0
> ------------------------------------------
>
> However, when I try to restrict sudo to the current subnet and replace
> the 'ALL' with the 'SUBNET' host alias, sudo thinks I don't have access
> to the command. This is confirmed by calling the sudo -l command, which
> no longer lists the restricted commands.
>
> -------------------------------------------
> %wheel SUBNET= NOPASSWD: /bin/mail -u root
> -------------------------------------------
>
> I have tried using the actual IP address, 192.168.3.101, using the
> hostname, and using the 255.255.255.0 notation for the subnet. To
> confirm that I am in fact on the subnet, I checked the SSH environment
> variables and get:
>
> SSH_CLIENT=192.168.3.101 1089 22
> SSH_CONNECTION=192.168.3.101 1089 192.168.3.3 22
>
>
> So basically I cannot restrict the host in the sudoers file. What am I
> doing wrong here?
>
>
> thanks,
> Cooper