Comment 10 for bug 32906

Steve Langasek (vorlon) wrote : Re: sudo shouldn’t ABSOLUTELY NEED to look up the host it’s running on

To clarify, the reason that sudo looks up the local hostname is that /etc/sudoers is designed to be shareable between multiple hosts. (/etc/hosts is too, but this doesn't work if you share an /etc/hosts that gives you no way to look up your own hostname.) In order to know which of the commands in /etc/sudoers are permitted on the present machine, you must be able to figure out which machine is the present machine.

This can include the stacking of more specific *deny* rules together with rules that allow other access on all hosts; so even if sudo were fixed to be more lenient, the most lenient it could be is to discard all rules past the first non-ALL "host" spec. That doesn't prevent fixing this issue for the default Ubuntu /etc/sudoers, but it does show that the requirement for the host lookup is not spurious.
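The reasoning in the comment above, as an added example that is not part of the original comment and is not sudo's own code: a simplified Python model of sudoers evaluation in which the last matching rule decides, comparing a known hostname with two fallbacks for an unknown one. The user, host names, commands and function names are constructed for illustration.

```python
# Simplified model of sudoers matching (illustration only, not sudo's parser).
# Rule = (user, host_spec, command, allowed). As in sudoers, the LAST matching
# rule decides. Users, hosts and commands below are constructed sample values.
RULES = [
    ("alice", "ALL",       "/usr/bin/apt",       True),   # alice ALL = /usr/bin/apt
    ("alice", "webserver", "/sbin/reboot",       True),   # alice webserver = /sbin/reboot
    ("alice", "ALL",       "/usr/bin/systemctl", True),   # alice ALL = /usr/bin/systemctl
    ("alice", "dbserver",  "/usr/bin/systemctl", False),  # alice dbserver = !/usr/bin/systemctl
]


def decide(rules, user, host, command):
    """Verdict when the local hostname is known (last match wins)."""
    verdict = False  # no matching rule means not permitted
    for r_user, r_host, r_cmd, allowed in rules:
        if r_user == user and r_cmd == command and r_host in ("ALL", host):
            verdict = allowed
    return verdict


def decide_skipping_host_rules(rules, user, command):
    """Naive fallback for an unknown hostname: ignore host-specific rules."""
    host_independent = [r for r in rules if r[1] == "ALL"]
    return decide(host_independent, user, None, command)


def decide_prefix_only(rules, user, command):
    """Fallback from the comment: discard all rules past the first non-ALL
    host spec (that rule cannot match an unknown host either)."""
    prefix = []
    for rule in rules:
        if rule[1] != "ALL":
            break
        prefix.append(rule)
    return decide(prefix, user, None, command)


if __name__ == "__main__":
    cmd = "/usr/bin/systemctl"
    print("known host dbserver :", decide(RULES, "alice", "dbserver", cmd))
    print("skip host rules     :", decide_skipping_host_rules(RULES, "alice", cmd))
    print("prefix only         :", decide_prefix_only(RULES, "alice", cmd))
```

On this sample policy, skipping only the host-specific rules drops the deny that applies on `dbserver`, while the prefix-only fallback evaluates just the first rule.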