Date: Wed, 15 Sep 2021 15:51:58 -0700 From: Craig Leres <leres@freebsd.org> To: Cy Schubert <cy@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: Re: git: c403b7871cf0 - main - securty/sudo: Update to 1.9.8 Message-ID: <88bd0117-cc31-8aa6-a0e8-45af8e1e6a9f@freebsd.org> In-Reply-To: <202109141650.18EGoo8I031474@gitrepo.freebsd.org> References: <202109141650.18EGoo8I031474@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/14/21 9:50 AM, Cy Schubert wrote: > The branch main has been updated by cy: > > URL:https://cgit.FreeBSD.org/ports/commit/?id=c403b7871cf09f123de4151bb77e8438f342075e > > commit c403b7871cf09f123de4151bb77e8438f342075e > Author: Cy Schubert<cy@FreeBSD.org> > AuthorDate: 2021-09-13 15:32:19 +0000 > Commit: Cy Schubert<cy@FreeBSD.org> > CommitDate: 2021-09-14 16:50:22 +0000 > > securty/sudo: Update to 1.9.8 > > Major changes between sudo 1.9.8 and 1.9.7p2: This version isn't really working for me. I have some nagios checks that run from nrpe3 as nagios that need root access. I install files in /usr/local/etc/sudoers.d, e.g: User_Alias CHECK_SSLCERT_ADMINS = nagios, leres Cmnd_Alias CHECK_SSLCERT = /usr/local/libexec/check_sslcert CHECK_SSLCERT_ADMINS ALL = (root) NOPASSWD: CHECK_SSLCERT When I run the same command that nrpe3 is running I can see the error: zinc 31 % /usr/local/bin/sudo -c root /usr/local/libexec/check_sslcert -l 21 /usr/local/etc/letsencrypt/live/mod.lbl.gov/cert.pem sudo: (null): option "use_loginclass" does not take a value sudo: error initializing audit plugin sudoers_audit I tried rebuilding with AUDIT disabled but it doesn't change anything. Some of my systems had an older/non-default sudo.conf that had some plugins enabled: Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so Plugin sudoers_audit sudoers.so but switching to the sudo.conf.defaults version (which has these commented out) also doesn't help. I'm so far unable to determine if my config is defective or if the new sudo is borked. Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?88bd0117-cc31-8aa6-a0e8-45af8e1e6a9f>