From owner-freebsd-questions@FreeBSD.ORG Thu Dec 18 17:00:02 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9B0AF16A4CE for ; Thu, 18 Dec 2003 17:00:02 -0800 (PST) Received: from be-well.no-ip.com (lowellg.ne.client2.attbi.com [66.30.200.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8142F43D39 for ; Thu, 18 Dec 2003 17:00:00 -0800 (PST) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: by be-well.no-ip.com (Postfix, from userid 1147) id 0446460; Thu, 18 Dec 2003 19:59:59 -0500 (EST) Sender: lowell@be-well.ilk.org To: "KURT BUFF" References: <7049.216.202.42.5.1071713687.squirrel@webmail.spro.net> From: Lowell Gilbert Date: 18 Dec 2003 19:59:59 -0500 In-Reply-To: <7049.216.202.42.5.1071713687.squirrel@webmail.spro.net> Message-ID: <44fzfhr59s.fsf@be-well.ilk.org> Lines: 113 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-questions@freebsd.org Subject: Re: can't figure out a problem with sudo X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Dec 2003 01:00:02 -0000 "KURT BUFF" writes: > I'm starting to lose some hair, running a command through sudo. Other > commands work just fine through sudo, just one of them doesn't work. > > The command is this: > > sudo cp /home/filter/pfm/relay_recipients /usr/local/etc/postfix. > > It fails with the following error message: > > Sorry, user filter is not allowed to execute '/bin/cp > /home/filter/pfm/relay_recipients /usr/local/etc/postfix' as root on > mail2. Looks correct. I don't see anything that allows this command. What is COPYRELAY supposed to do? > The command that comes after that: > > sudo /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients Which is covered by MAP, so it makes sense that should work. > works just fine. > > I've included the directory listing below, and the sudoers file. > > Any help would be greatly appreciated. > > Thanks, > > Kurt > > ----------snip here---------- > mail2% ls -al /usr/local/etc/postfix > total 298 > drwxr-xr-x 3 root wheel 2048 Dec 17 17:46 . > drwxr-xr-x 4 root wheel 512 Dec 17 18:05 .. > -rw-r--r-- 1 root wheel 11942 Jun 27 15:38 LICENSE > -rw-r--r-- 1 root wheel 8652 Jun 27 15:38 access > -rw-r--r-- 1 root wheel 245 Jun 28 20:18 aliases > -rw-r--r-- 1 root wheel 65536 Jun 28 20:46 aliases.db > -rw-r--r-- 1 root wheel 7559 Jun 27 15:38 canonical > -rw-r--r-- 1 root wheel 1152 Dec 17 17:46 main.cf > -rw-r--r-- 1 root wheel 9176 Jun 27 15:38 main.cf.default > -rw-r--r-- 1 root wheel 9176 Nov 25 17:07 main.cf.original > -rw-r--r-- 1 root wheel 2001 Dec 8 15:11 master.2003-12-08 > -rw-r--r-- 1 root wheel 2001 Dec 8 16:05 master.cf > -rw-r--r-- 1 root wheel 5859 Jun 27 15:41 master.cf.original > -rwxr-xr-x 1 root wheel 6035 Jun 27 15:43 master.cf.updated > -rw-r--r-- 1 root wheel 7676 Jun 27 15:38 pcre_table > -rwxr-xr-x 1 root wheel 18866 Jun 27 15:38 post-install > -rw-r--r-- 1 root wheel 8643 Jun 27 15:38 postfix-files > -rwxr-xr-x 1 root wheel 5424 Jun 27 15:38 postfix-script > -rw-r--r-- 1 root wheel 4901 Jun 27 15:38 regexp_table > -rw-r--r-- 1 root wheel 0 Dec 17 17:46 relay_recipients > -rw-r--r-- 1 root wheel 65536 Dec 17 17:54 relay_recipients.db > -rw-r--r-- 1 root wheel 5070 Jun 27 15:38 relocated > drwxr-xr-x 2 root wheel 1536 Dec 15 16:47 samples > -rw-r--r-- 1 root wheel 499 Jun 27 15:44 transport > -rw-r--r-- 1 root wheel 65536 Jun 28 14:07 transport.db > -rw-r--r-- 1 root wheel 9131 Jun 27 15:43 transport.original > -rw-r--r-- 1 root wheel 9682 Jun 27 15:38 virtual > ----------snip here---------- > > > > ----------snip here---------- > # sudoers file. > # > # This file MUST be edited with the 'visudo' command as root. > # > # See the sudoers man page for the details on how to write a sudoers file. > # > > # Host alias specification > > # User alias specification > User_Alias FILTER = filter > > # Cmnd alias specification > Cmnd_Alias RELOAD = /usr/local/sbin/postfix reload > Cmnd_Alias MAP = /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients > Cmnd_Alias RECIPS = /usr/local/etc/postfix/relay_recipients > Cmnd_Alias DB = /usr/local/etc/etc/postfix/relay_recipients.db > Cmnd_Alias COPYRELAY = /bin/cp /usr/local/etc/postfix > Cmnd_Alias RMRELAY = /bin/rm /usr/local/etc/postfix > > # Defaults specification > Defaults syslog=auth > Defaults:filter !authenticate > > # User privilege specification > root ALL=(ALL) ALL > FILTER ALL=RELOAD, MAP, RECIPS, DB, COPYRELAY, RMRELAY > > # Uncomment to allow people in group wheel to run all commands > # %wheel ALL=(ALL) ALL > > # Same thing without a password > # %wheel ALL=(ALL) NOPASSWD: ALL > > # Samples > # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom > # %users localhost=/sbin/shutdown -h now > ----------snip here---------- > -- Lowell Gilbert, embedded/networking software engineer, Boston area: resume/CV at http://be-well.ilk.org:8088/~lowell/resume/ username/password "public"