From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kharpost@rambler.ru>
Message-ID: <46BD96C6.7040706@rambler.ru>
Date: Sat, 11 Aug 2007 15:00:22 +0400
From: "Dmitry A. Kharitonov" <kharpost@rambler.ru>
User-Agent: Thunderbird 2.0.0.0 (X11/20070423)
MIME-Version: 1.0
To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
References: <46BD697E.5060201@rambler.ru>
	<20070811095907.GA22108@basalt.office.altlinux.org>
In-Reply-To: <20070811095907.GA22108@basalt.office.altlinux.org>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
Subject: Re: [sisyphus]
 =?windows-1251?b?yuDqIPDg5/Dl+Ojy/CDw4OHu8vMgc3Vkbz8=?=
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.9rc1
Precedence: list
Reply-To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussion list <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Aug 2007 11:00:27 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/46BD96C6.7040706@rambler.ru/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>

Dmitry V. Levin пишет:
> On Sat, Aug 11, 2007 at 11:47:10AM +0400, Dmitry A. Kharitonov wrote:
> [...]
>> [10:23:13 root@localhost ~]# control
>> <skip>
>> su              wheelonly       (public wheel wheelonly restricted)
>> sudo            unknown         (public wheelonly restricted)
>> sudoers         strict          (strict relaxed)
>> <skip>
>> [10:24:25 root@localhost ~]# control sudo wheelonly
>> control: sudo: Requested wheelonly, got unknown
> 
> У вас не сработал chmod и/или find;
> что-то очень странное с вашей системой, посмотрите на отладочный вывод от
> # sh -x /etc/control.d/facilities/sudo wheelonly
[14:51:46 root@localhost ~]# sh -x /etc/control.d/facilities/sudo wheelonly
+ . /etc/control.d/functions
++ NAME_LIST=
++ '[' -n wheelonly ']'
+ BINARY=/usr/bin/sudo
+ new_fmode public 4711 root root
+ register public
+ eval 'test -z "$REGISTERED_public"'
++ test -z ''
+ define REGISTERED public yes
+ local arg=yes
+ '[' -z yes ']'
+ eval 'REGISTERED_public="yes"'
++ REGISTERED_public=yes
+ '[' -z '' ']'
+ NAME_LIST=public
+ define NAME_TO_FMODE public 4711
+ local arg=4711
+ '[' -z 4711 ']'
+ eval 'NAME_TO_FMODE_public="4711"'
++ NAME_TO_FMODE_public=4711
+ define NAME_TO_OWNER public root:root
+ local arg=root:root
+ '[' -z root:root ']'
+ eval 'NAME_TO_OWNER_public="root:root"'
++ NAME_TO_OWNER_public=root:root
+ define FMODE_OWNER_TO_NAME 4711_root_root public
+ local arg=public
+ '[' -z public ']'
+ eval 'FMODE_OWNER_TO_NAME_4711_root_root="public"'
++ FMODE_OWNER_TO_NAME_4711_root_root=public
+ new_fmode wheelonly 4710 root wheel
+ register wheelonly
+ eval 'test -z "$REGISTERED_wheelonly"'
++ test -z ''
+ define REGISTERED wheelonly yes
+ local arg=yes
+ '[' -z yes ']'
+ eval 'REGISTERED_wheelonly="yes"'
++ REGISTERED_wheelonly=yes
+ '[' -z public ']'
+ NAME_LIST='public wheelonly'
+ define NAME_TO_FMODE wheelonly 4710
+ local arg=4710
+ '[' -z 4710 ']'
+ eval 'NAME_TO_FMODE_wheelonly="4710"'
++ NAME_TO_FMODE_wheelonly=4710
+ define NAME_TO_OWNER wheelonly root:wheel
+ local arg=root:wheel
+ '[' -z root:wheel ']'
+ eval 'NAME_TO_OWNER_wheelonly="root:wheel"'
++ NAME_TO_OWNER_wheelonly=root:wheel
+ define FMODE_OWNER_TO_NAME 4710_root_wheel wheelonly
+ local arg=wheelonly
+ '[' -z wheelonly ']'
+ eval 'FMODE_OWNER_TO_NAME_4710_root_wheel="wheelonly"'
++ FMODE_OWNER_TO_NAME_4710_root_wheel=wheelonly
+ new_fmode restricted 700 root root
+ register restricted
+ eval 'test -z "$REGISTERED_restricted"'
++ test -z ''
+ define REGISTERED restricted yes
+ local arg=yes
+ '[' -z yes ']'
+ eval 'REGISTERED_restricted="yes"'
++ REGISTERED_restricted=yes
+ '[' -z 'public wheelonly' ']'
+ NAME_LIST='public wheelonly restricted'
+ define NAME_TO_FMODE restricted 700
+ local arg=700
+ '[' -z 700 ']'
+ eval 'NAME_TO_FMODE_restricted="700"'
++ NAME_TO_FMODE_restricted=700
+ define NAME_TO_OWNER restricted root:root
+ local arg=root:root
+ '[' -z root:root ']'
+ eval 'NAME_TO_OWNER_restricted="root:root"'
++ NAME_TO_OWNER_restricted=root:root
+ define FMODE_OWNER_TO_NAME 700_root_root restricted
+ local arg=restricted
+ '[' -z restricted ']'
+ eval 'FMODE_OWNER_TO_NAME_700_root_root="restricted"'
++ FMODE_OWNER_TO_NAME_700_root_root=restricted
+ new_help public 'Any user can execute /usr/bin/sudo'
+ register public
+ eval 'test -z "$REGISTERED_public"'
++ test -z yes
+ return
+ define HELP_TO public 'Any user can execute /usr/bin/sudo'
+ local 'arg=Any user can execute /usr/bin/sudo'
+ '[' -z 'Any user can execute /usr/bin/sudo' ']'
+ eval 'HELP_TO_public="Any user can execute /usr/bin/sudo"'
++ HELP_TO_public='Any user can execute /usr/bin/sudo'
+ new_help wheelonly 'Only "wheel" group members can execute /usr/bin/sudo'
+ register wheelonly
+ eval 'test -z "$REGISTERED_wheelonly"'
++ test -z yes
+ return
+ define HELP_TO wheelonly 'Only "wheel" group members can execute
/usr/bin/sudo'
+ local 'arg=Only "wheel" group members can execute /usr/bin/sudo'
+ '[' -z '' ']'
++ printf %s 'Only "wheel" group members can execute /usr/bin/sudo'
++ sed -e 's/["$`\]/\\&/g'
+ arg='Only \"wheel\" group members can execute /usr/bin/sudo'
+ eval 'HELP_TO_wheelonly="Only \"wheel\" group members can execute
/usr/bin/sudo"'
++ HELP_TO_wheelonly='Only "wheel" group members can execute /usr/bin/sudo'
+ new_help restricted 'Only root can execute /usr/bin/sudo'
+ register restricted
+ eval 'test -z "$REGISTERED_restricted"'
++ test -z yes
+ return
+ define HELP_TO restricted 'Only root can execute /usr/bin/sudo'
+ local 'arg=Only root can execute /usr/bin/sudo'
+ '[' -z 'Only root can execute /usr/bin/sudo' ']'
+ eval 'HELP_TO_restricted="Only root can execute /usr/bin/sudo"'
++ HELP_TO_restricted='Only root can execute /usr/bin/sudo'
+ new_summary 'Execute a command as another user'
+ local 'arg=Execute a command as another user'
+ '[' -z 'Execute a command as another user' ']'
+ define SUMMARY FOR 'Execute a command as another user'
+ local 'arg=Execute a command as another user'
+ '[' -z 'Execute a command as another user' ']'
+ eval 'SUMMARY_FOR="Execute a command as another user"'
++ SUMMARY_FOR='Execute a command as another user'
+ control_fmode /usr/bin/sudo wheelonly
+ local FILE=/usr/bin/sudo REQUEST=wheelonly FMODE= OWNER=
+ case "$REQUEST" in
+ validate wheelonly
+ grep -q '^[a-z0-9_]*$'
+ printf %s wheelonly
+ lookup FMODE NAME_TO_FMODE wheelonly
+ eval 'FMODE="$NAME_TO_FMODE_wheelonly"'
++ FMODE=4710
+ lookup OWNER NAME_TO_OWNER wheelonly
+ eval 'OWNER="$NAME_TO_OWNER_wheelonly"'
++ OWNER=root:wheel
+ '[' -z 4710 -o -z root:wheel ']'
++ control_fmode_status /usr/bin/sudo
++ local FILE=/usr/bin/sudo STAT NAME=
+++ stat_file /usr/bin/sudo
+++ local PATHNAME=/usr/bin/sudo BASEPATH
+++ BASEPATH=/usr/bin
+++ find /usr/bin -maxdepth 1 -path /usr/bin/sudo -printf %m_%u_%g
++ STAT=
++ validate ''
++ printf %s ''
++ grep -q '^[a-z0-9_]*$'
++ '[' -n '' ']'
++ echo unknown
+ '[' unknown = wheelonly ']'
+ chown root:wheel /usr/bin/sudo
+ chmod 4710 /usr/bin/sudo
[14:51:52 root@localhost ~]# ls -l /usr/bin/sudo
-rws--x--- 1 root wheel 105768 Авг  6 00:00 /usr/bin/sudo

Вроде бы работает нормально. Похоже глючит отображалка.

[14:58:08 root@localhost ~]# sh -x /etc/control.d/facilities/sudo
+ . /etc/control.d/functions
++ NAME_LIST=
++ '[' -n '' ']'
++ set - status
unknown