I'm using the same version of sudo on my Solaris systems. And by 'valid' I didn't mean merely listed in /etc/shell; I meant a real shell like bash. However, I'm afraid I can't reproduce the problem at the moment, but I can say that I resorted to giving the nagios user a real shell only when I realised I needed to run a shell-script plugin as the root user. Someone explained to me: "It would be a security flaw for sudo to allow anything to run for a user who is not otherwise entitled to a real shell." I make no comment on the reasoning--consider it hearsay--but sure enough, it was the only way I could get my plugin to work. If I get a chance to reproduce the problem, I'll see what I can dig out about it.
Alex
On 9/4/06, Hari Sekhon <[EMAIL PROTECTED]> wrote:
Thomas Sluyter wrote:On 4 Sep, 2006, at 12:09, Hari Sekhon wrote:
Alexander Harvey wrote:
Note to Hari: my understanding is that sudo won't work for account
that doesn't have a valid shell. Certainly all my testing led me to
that conclusion.
So it would seem that this is not correct. A valid shell is not
required.
Actually, to nitpick a little :)
I'd think it's entirely possible that sudo requires a valid shell,
just like FTP and such. But in that case "valid" would mean "listed
in /etc/shells" and not "working like a normal shell"... I'd have to
check the man-page to be sure though..
Cheers!
/bin/false isn't listed as a valid shell on my nagios box and this still works. hmm.
Also, you could use sudo -s /bin/bash check_command so that you get the shell for that one command. The man page says you can use this to override the system set shell.
If you find anything written anywhere about this then let me know. It's entirely possible that different versions have different quirks, this is not unknown in unixland...
fyi my sudo -V gives me the version as "Sudo version 1.6.8p9" (lots of extras output omitted)
-h
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
