Date: 05-12-20  Time: 00:40 AM

Author Topic: sudo with ldap support  (Read 182 times)

roxyland

  • New Member
  • *
  • Posts: 2
  • Karma: +0/-0
sudo with ldap support
« on: October 28, 2020, 07:52:03 AM »
Hi,

The download link on http://www.aixtools.net/index.php/sudo
http://download.aixtools.net/tools/aixtools.sudo-ldap.1.8.31.0.I
seems to be broken.

Was hoping to get a sudo package that supports LDAP.
Thanks

roxyland

Re: sudo with ldap support
« Reply #1 on: October 28, 2020, 08:12:18 AM »
Sorry, I was able to download from that link. Must have been trying an older version earlier.

Anyway, I've installed it, but the ownership on the installed files causes errors:

sudo: /opt/bin/sudo must be owned by uid 0 and have the setuid bit set
sudo: /opt/libexec/sudo/sudoers.so must be owned by uid 0
sudo: fatal error, unable to load plugins

They are owned by bin:bin. It also changes ownership of /etc, /var and sub-directories to bin:bin.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1273
  • Karma: +0/-0
Re: sudo with ldap support
« Reply #2 on: October 28, 2020, 02:36:43 PM »
I'll look into it. Not done much with sudo lately.
My normal packaging process sets all packages to bin.bin - I'll modify the install.config script to do some chown root.bin for /opt/bin/sudo.
What I had been working on, but never got any feedback from sudo project - was to use RBAC to elevate privilege. Effect is the same, but you had the added 'onion' skin, that you needed to have the authentication 'sudo' to execute sudo - at all.
Don't think I'll get to it today - but quick!
Michael

Michael

Re: sudo with ldap support
« Reply #3 on: November 01, 2020, 01:35:49 PM »
Thanks for the heads-up. I have repackaged sudo-1.8.31 - with LDAP support - and the correct config scripts to make sure the files that need to be owned by root - are owned by root.bin.
Note: I do not use root.system on purpose. I want accounts to have more privilege required than merely being a member of group system.
All feedback is welcome!
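
A post-install check for the two conditions named in the error output quoted in this thread, as an added example that is not part of the thread or of the aixtools package. The function names, the prefix argument (defaulting to /opt, as in the quoted paths) and the overridable expected uid are assumptions made for the example.

```shell
#!/bin/sh
# Added example: verify what sudo checks at startup, per the errors in the thread:
#   <prefix>/bin/sudo                 owned by uid 0, setuid bit set
#   <prefix>/libexec/sudo/sudoers.so  owned by uid 0
# Parses POSIX `ls -ldn` output, so no stat(1) command is needed.
# Usage after sourcing:  audit_sudo /opt 0

# Print the numeric owner uid of a path (third field of ls -ldn).
owner_uid() {
    ls -ldn "$1" 2>/dev/null | awk '{print $3}'
}

# Succeed if the owner-execute slot of the mode string is s or S (setuid).
has_setuid() {
    mode=$(ls -ldn "$1" 2>/dev/null | awk '{print $1}')
    case "$mode" in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_file PATH WANT_UID NEED_SETUID(yes|no): report each problem found.
check_file() {
    cf_path=$1 cf_want=$2 cf_suid=$3 cf_rc=0
    if [ ! -e "$cf_path" ]; then
        echo "MISSING $cf_path"
        return 2
    fi
    cf_uid=$(owner_uid "$cf_path")
    if [ "$cf_uid" != "$cf_want" ]; then
        echo "BAD-OWNER $cf_path uid=$cf_uid want=$cf_want"
        cf_rc=1
    fi
    if [ "$cf_suid" = yes ] && ! has_setuid "$cf_path"; then
        echo "NO-SETUID $cf_path"
        cf_rc=1
    fi
    return $cf_rc
}

# audit_sudo [PREFIX] [WANT_UID]: returns 0 only if both files pass.
audit_sudo() {
    au_prefix=${1:-/opt} au_uid=${2:-0} au_rc=0
    check_file "$au_prefix/bin/sudo" "$au_uid" yes || au_rc=1
    check_file "$au_prefix/libexec/sudo/sudoers.so" "$au_uid" no || au_rc=1
    return $au_rc
}
```

The second argument exists so the check can be exercised against a scratch directory as a non-root user; on an installed system leave it at 0.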