[Samba] Fwd: Winbind and GPO access restrictions?
Rowland Penny
rpenny at samba.org
Sat Oct 2 20:16:38 UTC 2021
On Sat, 2021-10-02 at 22:05 +0200, Kees van Vloten via samba wrote:
> On 02-10-2021 21:58, Rowland Penny via samba wrote:
> > On Sat, 2021-10-02 at 21:51 +0200, Kees van Vloten via samba wrote:
> > > I don't know what you have in /etc/sudoers or /etc/sudoers.d.
> > I have already shown that my name is not in /etc/sudoers and
> > /etc/sudoers.d/ is virtually empty:
> >
> > rowland at devstation:~$ ls /etc/sudoers.d
> > README
> >
> > But I can use sudo.
> >
> > Rowland
> >
> >
> >
> Indeed you did, but you did not show the /etc/sudoers file. I would
> expect it to contain a line that allows a group you are member of to
> provide you root access.
Believe me it doesn't
>
> If you want to see sudo-rules that are matching for your user you can
> do
> sudo -l from your user.
Here you are:
rowland at devstation:~$ sudo -l
[sudo] password for rowland:
Matching Defaults entries for rowland on devstation:
!env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin
\:/bin, env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/
sbin\:/bin
User rowland may run the following commands on devstation:
(ALL : ALL) ALL
Would it help if I told you that I do this on all my Unix domain
members and DC's without modifying any sudo files ?
Rowland
More information about the samba
mailing list