이 콘텐츠는 선택한 언어로 제공되지 않습니다.

8.229. sudo


Updated sudo packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Bug Fixes

BZ#1006447
Previously, the sudo utility did not correctly handle the "sudo -ll" command when the System Security Service Daemon (SSSD) was used to get available sudo entries. Consequently, running "sudo -ll" returned incomplete results, as it did not list the rule names of sudo users. A patch has been applied to fix this bug, and "sudo -ll" now lists the rule names as expected when SSSD is used.
BZ#1006463
Prior to this update, sudo did not respond correctly to the root user's request to list the privileges for a specified user when SSSD was used. As a consequence, running the "sudo -l -U" command for a certain user as root returned incomplete results, while running the same command as the user worked as expected. The source code has been updated to fix this problem, and executing "sudo -l -U" as root now returns correct results.
BZ#1052940
Previously, sudo did not correctly handle the situation when the group specification in the /etc/sudoers file contained escape characters on systems integrated with the Active Directory (AD) service. As a consequence, specifying a custom password prompt for a group containing escape characters did not work, as sudo displayed the default password prompt instead when a member of that group used sudo. A patch has been applied to fix this bug, and setting a custom password prompt now works as expected even if the group specification contains escape characters.
BZ#1065415
Previously, the sesh process, when called as "-sesh" by sudo, executed the login shell with an incorrect path name, as it replaced the last slash character in the shell path with a dash while the rest of the path remained unchanged. As a consequence, the login shell was being called as "/bin-[shell]" instead of "-[shell]", which could result in unexpected system behavior. The source code has been updated to fix this bug, and sesh no longer causes this problem.
BZ#1070952
Previously, the pam_faillock module did not acknowledge the attempts to terminate sudo login with the Ctrl+C shortcut after the password prompt showed up. As a consequence, sudo continued to try to log in and eventually locked the user out. The problem has been fixed, and even though an attempt terminated with Ctrl+C still counts as one failed attempt to log in, sudo no longer locks the user out.
BZ#1078338
Previously, sudo did not correctly handle setting the NIS domain name value as "(none)", as it considered the "(none)" text string a valid domain name. Consequently, the getdomainname() function returned "(none)" as the NIS domain name instead of recognizing that no domain name was set. The source code has been updated to fix this problem, and sudo now handles the described situation correctly.
BZ#1083064
Prior to this update, when a sudo rule contained the +netgroup variable in the sudoUser attribute, the system ignored the rest of the sudo rule under certain circumstances. Consequently, executing the "sudo -l" command did not show the complete list of rules configured for the specified user. With this update, the problem has been fixed, and running "sudo -l" now shows the complete list of rules even when a sudo rule contains the +netgroup variable.
Users of sudo are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.