[Samba] Fwd: Winbind and GPO access restrictions?

Rowland Penny rpenny at samba.org
Sat Oct 2 20:16:38 UTC 2021

On Sat, 2021-10-02 at 22:05 +0200, Kees van Vloten via samba wrote:
> On 02-10-2021 21:58, Rowland Penny via samba wrote:
> > On Sat, 2021-10-02 at 21:51 +0200, Kees van Vloten via samba wrote:
> > > I don't know what you have in /etc/sudoers or /etc/sudoers.d.
> > I have already shown that my name is not in /etc/sudoers and
> > /etc/sudoers.d/ is virtually empty:
> > 
> > rowland at devstation:~$ ls /etc/sudoers.d
> > 
> > But I can use sudo.
> > 
> > Rowland
> > 
> > 
> > 
> Indeed you did, but you did not show the /etc/sudoers file. I would 
> expect it to contain a line that allows a group you are member of to 
> provide you root access.

Believe me it doesn't

> If you want to see sudo-rules that are matching for your user you can
> do 
> sudo -l from your user.

Here you are:

rowland at devstation:~$ sudo -l
[sudo] password for rowland: 
Matching Defaults entries for rowland on devstation:
    !env_reset, mail_badpass,
\:/bin, env_reset, mail_badpass,

User rowland may run the following commands on devstation:
    (ALL : ALL) ALL

Would it help if I told you that I do this on all my Unix domain
members and DC's without modifying any sudo files ?


More information about the samba mailing list