Closed zhanhb closed 2 years ago
This is weird. I remember specifically testing sudo on those boxes after a recent change, and they worked just fine. However, looking at the diff again, some of the sudoers configuration files are now written to /etc/sudoers instead of /usr/local/etc/sudoers, so it never should have worked to begin with. Looks like I'll have to do another run of tests some time soon.
As far as I can tell, HardenedBSD and FreeBSD are also affected by this issue (as an example, the diff for freebsd11), so would you mind including the same fix for those boxes as well?
Command sudo works fine on freebsd13 and hardenedbsd11; I'm not sure if they need to be fixed for freebsd and hardenedbsd.
@timschumi was sudo not working on DragonFlyBSD? I think they're in /usr/local/etc/sudoers.d/ because that was (and is?) the way the BSD sudo package works. If Dfly needs this change, then it's because Dfly changed where it looks for sudoer files by default.
was sudo not working on DragonFlyBSD?
It's possible that I missed dragonfly during my test run because I usually only think of OpenBSD, FreeBSD and HardenedBSD whenever someone mentions "BSD".
If Dfly needs this change, then it's because Dfly changed where it looks for sudoer files by default.
It's the other way around. By applying the recent sudoers file change (the fqdn stuff) we accidentally pasted the wrong sudoers path, so the file is now no longer in /usr/local/etc/sudoers.d but rather in /etc/sudoers.d (where it would be on a Linux distro).
This happened with all the BSD boxes (except for OpenBSD, as we never applied the change there, and freebsd13, as the heredoc already existed and you didn't need to copy over another one), but the non-dfly boxes either do have a very insecure default configuration after installing sudo or they look inside /etc/sudoers.d anyways.
I tested Dfly and it's broken as well. I read the diff backwards. You're right. I'll move those sudoers back to the right directory.
@timschumi I restored /usr/local/ file path for FreeBSD/HardenedBSD and OpenBSD. So hopefully that was the right call.
Also don't forget about the grandpappy of the bunch, NetBSD. Of the BSDs that are still alive, I think it's the oldest, beating out FreeBSD by a few months. If you want something older you'll need a PDP-11. I'd loan you mine, but I misplaced mine quite a while back and still haven't found it.
386BSD would be older, but it died a few years ago.
Not sure if #227 is fixed, but the path should be like that
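The path mix-up discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or the project: it extracts the includedir directories from a main sudoers file and reports whether a given drop-in path would actually be read. The sample file contents and the drop-in name example-user are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): does a sudoers drop-in sit in a
# directory that the main sudoers file actually includes?

# Print each directory named by an includedir directive in sudoers file $1.
# sudo accepts "#includedir DIR" and, since 1.9.1, "@includedir DIR".
included_dirs() {
    sed -n 's/^[#@]includedir[[:space:]][[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//; s:/*$::'
}

# sudo skips drop-in file names that end in "~" or contain a ".".
name_is_accepted() {
    case $(basename "$1") in
        *~|*.*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed only if drop-in path $2 would be read via main sudoers file $1.
dropin_is_loaded() {
    name_is_accepted "$2" || return 1
    included_dirs "$1" | grep -Fxq -- "$(dirname "$2")"
}

# Constructed sample: a main sudoers file assumed to include the
# /usr/local/etc/sudoers.d directory named in the thread.
# The drop-in name "example-user" is hypothetical.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root ALL=(ALL:ALL) ALL
#includedir /usr/local/etc/sudoers.d
EOF

for f in /usr/local/etc/sudoers.d/example-user /etc/sudoers.d/example-user; do
    if dropin_is_loaded "$SAMPLE" "$f"; then
        echo "loaded:  $f"
    else
        echo "IGNORED: $f"
    fi
done
```

On a real box, pass the installed main sudoers file instead of the sample; a drop-in reported as IGNORED grants nothing, which is the failure mode described above.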