Date:      18 Dec 2003 19:59:59 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        "KURT BUFF" <kurtbuff@spro.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: can't figure out a problem with sudo
Message-ID:  <44fzfhr59s.fsf@be-well.ilk.org>
In-Reply-To: <7049.216.202.42.5.1071713687.squirrel@webmail.spro.net>
References:  <7049.216.202.42.5.1071713687.squirrel@webmail.spro.net>

"KURT BUFF" <kurtbuff@spro.net> writes:

> I'm starting to lose some hair, running a command through sudo. Other
> commands work just fine through sudo, just one of them doesn't work.
> 
> The command is this:
> 
> sudo cp /home/filter/pfm/relay_recipients /usr/local/etc/postfix.
> 
> It fails with the following error message:
> 
> Sorry, user filter is not allowed to execute '/bin/cp
> /home/filter/pfm/relay_recipients /usr/local/etc/postfix' as root on
> mail2.

Looks correct.  I don't see anything that allows this command.  What
is COPYRELAY supposed to do?

> The command that comes after that:
> 
> sudo /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients

Which is covered by MAP, so it makes sense that should work.

> works just fine.
> 
> I've included the directory listing below, and the sudoers file.
> 
> Any help would be greatly appreciated.
> 
> Thanks,
> 
> Kurt
> 
> ----------snip here----------
> mail2% ls -al /usr/local/etc/postfix
> total 298
> drwxr-xr-x  3 root  wheel   2048 Dec 17 17:46 .
> drwxr-xr-x  4 root  wheel    512 Dec 17 18:05 ..
> -rw-r--r--  1 root  wheel  11942 Jun 27 15:38 LICENSE
> -rw-r--r--  1 root  wheel   8652 Jun 27 15:38 access
> -rw-r--r--  1 root  wheel    245 Jun 28 20:18 aliases
> -rw-r--r--  1 root  wheel  65536 Jun 28 20:46 aliases.db
> -rw-r--r--  1 root  wheel   7559 Jun 27 15:38 canonical
> -rw-r--r--  1 root  wheel   1152 Dec 17 17:46 main.cf
> -rw-r--r--  1 root  wheel   9176 Jun 27 15:38 main.cf.default
> -rw-r--r--  1 root  wheel   9176 Nov 25 17:07 main.cf.original
> -rw-r--r--  1 root  wheel   2001 Dec  8 15:11 master.2003-12-08
> -rw-r--r--  1 root  wheel   2001 Dec  8 16:05 master.cf
> -rw-r--r--  1 root  wheel   5859 Jun 27 15:41 master.cf.original
> -rwxr-xr-x  1 root  wheel   6035 Jun 27 15:43 master.cf.updated
> -rw-r--r--  1 root  wheel   7676 Jun 27 15:38 pcre_table
> -rwxr-xr-x  1 root  wheel  18866 Jun 27 15:38 post-install
> -rw-r--r--  1 root  wheel   8643 Jun 27 15:38 postfix-files
> -rwxr-xr-x  1 root  wheel   5424 Jun 27 15:38 postfix-script
> -rw-r--r--  1 root  wheel   4901 Jun 27 15:38 regexp_table
> -rw-r--r--  1 root  wheel      0 Dec 17 17:46 relay_recipients
> -rw-r--r--  1 root  wheel  65536 Dec 17 17:54 relay_recipients.db
> -rw-r--r--  1 root  wheel   5070 Jun 27 15:38 relocated
> drwxr-xr-x  2 root  wheel   1536 Dec 15 16:47 samples
> -rw-r--r--  1 root  wheel    499 Jun 27 15:44 transport
> -rw-r--r--  1 root  wheel  65536 Jun 28 14:07 transport.db
> -rw-r--r--  1 root  wheel   9131 Jun 27 15:43 transport.original
> -rw-r--r--  1 root  wheel   9682 Jun 27 15:38 virtual
> ----------snip here----------
> 
> 
> 
> ----------snip here----------
> # sudoers file.
> #
> # This file MUST be edited with the 'visudo' command as root.
> #
> # See the sudoers man page for the details on how to write a sudoers file.
> #
> 
> # Host alias specification
> 
> # User alias specification
> User_Alias   FILTER = filter
> 
> # Cmnd alias specification
> Cmnd_Alias   RELOAD = /usr/local/sbin/postfix reload
> Cmnd_Alias   MAP = /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients
> Cmnd_Alias   RECIPS = /usr/local/etc/postfix/relay_recipients
> Cmnd_Alias   DB = /usr/local/etc/etc/postfix/relay_recipients.db
> Cmnd_Alias   COPYRELAY = /bin/cp /usr/local/etc/postfix
> Cmnd_Alias   RMRELAY = /bin/rm /usr/local/etc/postfix
> 
> # Defaults specification
> Defaults          syslog=auth
> Defaults:filter   !authenticate
> 
> # User privilege specification
> root    ALL=(ALL) ALL
> FILTER  ALL=RELOAD, MAP, RECIPS, DB, COPYRELAY, RMRELAY
> 
> # Uncomment to allow people in group wheel to run all commands
> # %wheel        ALL=(ALL)       ALL
> 
> # Same thing without a password
> # %wheel        ALL=(ALL)       NOPASSWD: ALL
> 
> # Samples
> # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
> # %users  localhost=/sbin/shutdown -h now
> ----------snip here----------
> 

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area: 
		resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
		username/password "public"
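
Added example, not part of the original message and not sudo's own code: a simplified Python model of how sudoers compares a command line with the Cmnd_Alias entries quoted above, showing why the cp is refused while the postmap runs. It assumes the command is already resolved to its full path; the FIXED entry and the function names are hypothetical.

```python
# Simplified model of sudoers command matching (illustration, not sudo's code).
# Assumes argv[0] is already a full path; wildcards in the path are not modelled.
from fnmatch import fnmatchcase

def spec_matches(spec, argv):
    """Return True if one sudoers command spec permits this argv."""
    path, _, spec_args = spec.partition(" ")
    spec_args = spec_args.strip()
    if argv[0] != path:
        return False
    if not spec_args:            # bare path: any arguments are accepted
        return True
    if spec_args == '""':        # "" means: only with no arguments at all
        return len(argv) == 1
    # Arguments given in sudoers: the full argument string must match them.
    return fnmatchcase(" ".join(argv[1:]), spec_args)

def allowed_by(aliases, argv):
    """Names of the aliases whose spec permits argv."""
    return [name for name, spec in aliases.items() if spec_matches(spec, argv)]

# Cmnd_Alias entries copied from the sudoers file quoted above.
ALIASES = {
    "RELOAD": "/usr/local/sbin/postfix reload",
    "MAP": "/usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients",
    "RECIPS": "/usr/local/etc/postfix/relay_recipients",
    "DB": "/usr/local/etc/etc/postfix/relay_recipients.db",
    "COPYRELAY": "/bin/cp /usr/local/etc/postfix",
    "RMRELAY": "/bin/rm /usr/local/etc/postfix",
}

# The two command lines from the thread, as sudo sees them.
FAILING = ["/bin/cp", "/home/filter/pfm/relay_recipients", "/usr/local/etc/postfix"]
WORKING = ["/usr/local/sbin/postmap", "/usr/local/etc/postfix/relay_recipients"]

# Hypothetical correction (not from the thread): name source and destination.
FIXED = dict(
    ALIASES,
    COPYRELAY="/bin/cp /home/filter/pfm/relay_recipients /usr/local/etc/postfix",
)

if __name__ == "__main__":
    print("cp, original sudoers:", allowed_by(ALIASES, FAILING))
    print("postmap, original sudoers:", allowed_by(ALIASES, WORKING))
    print("cp, corrected COPYRELAY:", allowed_by(FIXED, FAILING))
```

A bare "/bin/cp" entry would also let the copy through, but it permits every cp invocation as root, so the full argument list is the narrower grant.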
