Comments (5)
Before you go too much further, try specifying:
commands ["/usr/bin/rsync"]
from sudo.
I can confirm that systemctl blah
didn't work in my case, whereas /bin/systemctl blah
did.
from sudo.
I can also confirm this issue, for me testing with pacman
doesn't work, but /usr/bin/pacman
does:
sudo 'makepkg-pacman' do
user 'makepkg'
nopasswd true
commands ['/usr/bin/pacman'] # Working!
notifies :reload, 'ohai[reload]', :immediately
end
from sudo.
I think we could inspect each element of commands and bail with a more useful error when a command does not start with /
or .
.
from sudo.
So I believe the reasoning is that sudoers is a very low level system which can only be modified by users with the highest level of access where anyone can set their own $PATH
because of this it is only safe for it to verify full/absolute paths as someone could add a file called pacman
and put it in their path before /usr/bin
and now you have allowed them to execute their own pacman
command with elevated privileges. I have submitted a PR to make it blow up with a more helpful error message.
from sudo.
Related Issues (20)
- New version fails on Chef 11.10 HOT 2
- sudo resource question HOT 12
- [BUG] sudo resource sudo package installation HOT 2
- Resource Documentation is messed up HOT 2
- visudo missing from PATH during cron runs HOT 4
- sudo resource chokes on group strings HOT 1
- mode cannot be user-defined for /etc/sudoers.d
- sudo resource ignores group string if user string set HOT 2
- Chefspec matchers have disappeared between version 4.0.0 and 4.0.1 HOT 3
- Sudo package installation HOT 2
- Issue with sudoers being created. HOT 3
- Is this cookbook being deprecated HOT 2
- visudo not found in PATH after new sudoers is generated. HOT 2
- Syntax issue in metadata.rb HOT 1
- Error executing action `create` on resource 'template[/etc/sudoers.d/patchusr]' HOT 1
- sudo apt-get install git
- 5.4.7 release includes some mac dot underscore files HOT 3
- AttributeNotFound: could not find filename for attribute default._ORIGINAL in cookbook sudo
- Remove 'sysadmin' group default HOT 2
- default node['authorization']['sudo']['passwordless'] is ignored HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sudo.