1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1108550: reprotest: fails with "sudo: a remote host may only be spe

    From Marc Haber@21:1/5 to Colin Watson on Tue Jul 1 06:40:01 2025
    Good morning everybody,

    sudo maintainer here.

    On Mon, Jun 30, 2025 at 11:44:17PM +0100, Colin Watson wrote:
    reprotest has the following comment and code:

    # -h localhost otherwise we get annoying messages about "can't resolve host"
    # especially when doing the domain_host variation
    SUDO = ['sudo', '-h', 'localhost']

    For the record (from the man page):

    | -h host, --host=host
    | Run the command on the specified host if the security policy
    | plugin supports remote commands. The sudoers plugin does not
    | currently support running remote commands. This may also be used
    | in conjunction with the -l option to list a user's privileges
    | for the remote host.

    That says that the -h host notation has two uses: To run a remote
    command (which is not supported by the suoders plugin anyway) and to
    list a user's privileges for the remote host.

    I'd interpret this as reprotest's call sudo -h localhost using
    undocumented behavior.

    I will talk to sudo upstream about this and report back.

    Greetings
    Marc

    -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marc Haber@21:1/5 to Marc Haber on Sat Jul 5 12:00:01 2025
    On Thu, Jul 03, 2025 at 11:04:05PM +0200, Marc Haber wrote:
    You might wanto try "Defaults !fqdn". This SHOULD turn off the fqdn
    flag even in our builds that have --with-fqdn enabled at compile time.
    Maybe this helps. I am not in a position to try at this time. Let me
    know whether it helps.

    sudo Upstream confirms that adding "Defaults !fqdn" to /etc/sudoers
    should work. Please report back if it doesn't.

    Greetings
    Marc

    -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)