Require different /etc/sudoers permission on 2 sles 10 x64 box?

filex · 04-14-2009, 02:18 AM

I'm getting 2 different /etc/sudoers permission error message on 2 SLES 10 x64 box.

---------
SERVER01
---------
server01:/ # rpm -qf /usr/bin/sudo
sudo-1.6.8p12-18.2
server01:/ # cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (x86_64)
VERSION = 10
server01:/ # ls -l /etc/sudoers
-r--r----- 1 root root 1796 Feb 18 09:38 /etc/sudoers

user01@server01:~> sudo su -
sudo: /etc/sudoers is mode 0440, should be 0640

/var/log/messages
Apr 14 08:37:11 server01 sudo: user01 : /etc/sudoers is mode 0440, should be 0640 ; TTY=pts/3 ; PWD=/home/user01 ; USER=root ; COMMAND=/bin/su -

--------
SERVER02
--------
sapbipdj:~ # rpm -qf /usr/bin/sudo
sudo-1.6.8p12-18.14

sapbipdj:~ # cat /etc/SuSE-release
SUSE Linux Enterprise Server 10 (x86_64)
VERSION = 10
PATCHLEVEL = 1

user02@server02:~> sudo su -
sudo: /etc/sudoers is mode 0640, should be 0440

server02:~ # ls -l /etc/sudoers
-rw-r----- 1 root root 1796 Feb 18 16:38 /etc/sudoers

/var/log/message
Apr 14 15:15:25 server02 sudo: user02 : /etc/sudoers is mode 0640, should be 0440 ; TTY=pts/1 ; PWD=/home/user02 ; USER=root ; COMMAND=/bin/su -

Any idea? Please advise.

acid_kewpie · 04-14-2009, 02:46 AM

Ahh, took me a while to see what the issue was... well they are different version rpm's so I'd upgrade both and look to have 440 across all instances for consistency. If you want to change the rights from what the binary wants I believe you'd need to recompile it.

filex · 04-14-2009, 03:21 AM

I'm not sure whether this is sudo RPM or SuSE service pack version? I cant do any upgrade right now because it's a PRODUCTION box.

acid_kewpie · 04-14-2009, 03:23 AM

I'm lead to believe that the rights on the file are recorded when sudo is compiled and if they don't match then trouble ensues. So it's most likely the responsibility of the packager themselves. Do you have some form of centralized file distribution of job scheduling which might account for the permissions on these files differing? Or reasons you'd be aware of outside of that?

filex · 04-15-2009, 02:02 AM

It's confirmed.

sudo-1.6.8p12-18.14 RPM - /etc/sudoers required permission 440
and
sudo-1.6.8p12-18.2 RPM - /etc/sudoers required permission 640

Problem solved.

Thanks.