localhost in sudoers

Ashish Shukla आशीष शुक्ल wahjava.ml at gmail.com
Sat Jan 19 23:10:30 PST 2008


>>>>> On Sat, 19 Jan 2008 23:40:35 +0000, Chris Whitehouse <cwhiteh at onetel.com> said:

    Chris> I think my question really is why doesn't sudoers recognise localhost
    Chris> or 127.0.0.1?

Quoting from sudo.c of sudo-1.6.8p12 in "init_vars(int)" routine:

----8<----8<----
    /*
     * We avoid gethostbyname() if possible since we don't want
     * sudo to block if DNS or NIS is hosed.
     * "host" is the (possibly fully-qualified) hostname and
     * "shost" is the unqualified form of the hostname.
     */
    sudo_user.host_fqdn_queried = FALSE;
    nohostname = gethostname(thost, sizeof(thost));
    if (nohostname)
	user_host = user_shost = "localhost";
    else {
	user_host = estrdup(thost);
	if ((p = strchr(user_host, '.'))) {
	    *p = '\0';
	    user_shost = estrdup(user_host);
	    *p = '.';
	} else {
	    user_shost = user_host;
	}
    }
---->8---->8----

As you can see, it uses gethostname() to return the hostname. So, your
host won't be 'localhost' unless it's not able to retrieve the hostname or
your hostname is set to 'localhost'.

They probably did this because any entry for 'localhost' is valid
for execution on all machines ;) .

HTH
-- 
Ashish Shukla आशीष शुक्ल                      http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
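
A small C sketch of the behaviour discussed in the message above, added here as an example; it is not part of the original post and not sudo's own code. The names `host_names`, `derive_names` and `entry_matches` are hypothetical, the hostnames are constructed samples, and host matching is simplified to literal names plus the `ALL` keyword.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 256

/* Hypothetical container for the two names the quoted code derives. */
struct host_names {
    char host[HOST_MAX];   /* possibly fully-qualified hostname */
    char shost[HOST_MAX];  /* unqualified form: text before the first '.' */
};

/* raw is what gethostname() returned, or NULL if the call failed. */
static void derive_names(const char *raw, struct host_names *out)
{
    if (raw == NULL)
        raw = "localhost";          /* same fallback as the quoted code */
    snprintf(out->host, sizeof(out->host), "%s", raw);
    snprintf(out->shost, sizeof(out->shost), "%s", raw);
    out->shost[strcspn(out->shost, ".")] = '\0';   /* cut at first dot */
}

/* Simplified matcher (assumption): literal host names and ALL only. */
static int entry_matches(const char *entry, const char *raw)
{
    struct host_names n;
    derive_names(raw, &n);
    return strcmp(entry, "ALL") == 0 || strcmp(entry, n.host) == 0 ||
           strcmp(entry, n.shost) == 0;
}

int main(void)
{
    /* Constructed samples; NULL stands for a failed gethostname(). */
    const char *samples[] = { "www.example.org", "localhost", NULL };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s localhost entry: %s, ALL entry: %s\n",
               samples[i] ? samples[i] : "(gethostname failed)",
               entry_matches("localhost", samples[i]) ? "match" : "no match",
               entry_matches("ALL", samples[i]) ? "match" : "no match");
    return 0;
}
```

On a machine named `www.example.org`, a rule written for `localhost` never matches, while one written for `www`, `www.example.org` or `ALL` does.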


More information about the freebsd-questions mailing list