Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Sep 2021 15:51:58 -0700
From:      Craig Leres <leres@freebsd.org>
To:        Cy Schubert <cy@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   Re: git: c403b7871cf0 - main - securty/sudo: Update to 1.9.8
Message-ID:  <88bd0117-cc31-8aa6-a0e8-45af8e1e6a9f@freebsd.org>
In-Reply-To: <202109141650.18EGoo8I031474@gitrepo.freebsd.org>
References:  <202109141650.18EGoo8I031474@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 9/14/21 9:50 AM, Cy Schubert wrote:
> The branch main has been updated by cy:
> 
> URL:https://cgit.FreeBSD.org/ports/commit/?id=c403b7871cf09f123de4151bb77e8438f342075e
> 
> commit c403b7871cf09f123de4151bb77e8438f342075e
> Author:     Cy Schubert<cy@FreeBSD.org>
> AuthorDate: 2021-09-13 15:32:19 +0000
> Commit:     Cy Schubert<cy@FreeBSD.org>
> CommitDate: 2021-09-14 16:50:22 +0000
> 
>      securty/sudo: Update to 1.9.8
>      
>      Major changes between sudo 1.9.8 and 1.9.7p2:

This version isn't really working for me. I have some nagios checks that 
run from nrpe3 as nagios that need root access. I install files in 
/usr/local/etc/sudoers.d, e.g:

     User_Alias      CHECK_SSLCERT_ADMINS = nagios, leres
     Cmnd_Alias      CHECK_SSLCERT = /usr/local/libexec/check_sslcert
     CHECK_SSLCERT_ADMINS ALL = (root) NOPASSWD: CHECK_SSLCERT

When I run the same command that nrpe3 is running I can see the error:

     zinc 31 % /usr/local/bin/sudo -c root 
/usr/local/libexec/check_sslcert -l 21 
/usr/local/etc/letsencrypt/live/mod.lbl.gov/cert.pem
     sudo: (null): option "use_loginclass" does not take a value
     sudo: error initializing audit plugin sudoers_audit

I tried rebuilding with AUDIT disabled but it doesn't change anything. 
Some of my systems had an older/non-default sudo.conf that had some 
plugins enabled:

     Plugin sudoers_policy sudoers.so
     Plugin sudoers_io sudoers.so
     Plugin sudoers_audit sudoers.so

but switching to the sudo.conf.defaults version (which has these 
commented out) also doesn't help.

I'm so far unable to determine if my config is defective or if the new 
sudo is borked.

		Craig

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?88bd0117-cc31-8aa6-a0e8-45af8e1e6a9f>