sudo command trying to search for hostname
Recently, I have changed the sudoers file and the hostname through /etc/hostname. After changing these files, my sudo command is taking a lot of time. Also, it says sudo unable to resolve host kaagini (hostname of my machine).
Why does sudo have to know the hostname for providing permission to something?
My sudoers file has a command "Defaults env_reset". I saw some similar questions but the context is not a remote login here. The error is showing on a localhost.
Initial googling for the problem says that the /etc/hosts file must have the actual hostname for 127.0.0.1. This fixed my issue. But my actual question is: Why do we require this for sudo? Should sudo work irrespective of the place of login?
Solution 1:
The /etc/sudoers file is designed to be able to be distributed among multiple servers. In order to accomplish this, each permission in the file has a host portion.
This is usually set to ALL= which means that the permission is valid for any server, however it can be set to specific hosts:
%sudo kaagini=(ALL) ALL
In order for sudo to know whether this rule should be applied, it needs to look up the host it is running on. It uses a call that relies on /etc/hosts being correct, which is why it fails if it is not right.
It might be argued that sudo doesn't need to bother doing a name lookup if the host portion is set to ALL= for all permissions, but it just doesn't work that way - it appears to work out where it is running prior to processing the rules.
This is really for ease of maintenance as sudo only reads /etc/sudoers to see what the user can do on the current machine. But as an admin with 100 servers, this might require 100 different /etc/sudoers files to maintain. Because sudoers has a host portion in the permissions, you can maintain a single sudoers file and distribute it to all machines, yet still have granularity over what users can do on each machine.
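A quick way to confirm the fix mentioned in the question (the hostname must be listed in /etc/hosts), as an added example that is not part of the original answers: the script parses a hosts-format file and reports whether the name in /etc/hostname is mapped. The function names, the temporary files and the name oldname are assumptions made for the example; it only inspects the files and does not reproduce sudo's own resolver lookup.

```shell
#!/bin/sh
# Added example: verify that the local hostname has an entry in a hosts file.

# hosts_entry_for NAME [FILE]: print the address of the first line in FILE
# (default /etc/hosts) naming NAME as canonical name or alias; return 1 if none.
hosts_entry_for() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); rc = 1 }
        {
            sub(/#.*/, "")          # drop comments, including commented-out entries
            if (NF < 2) next        # need an address and at least one name
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; rc = 0; exit }
        }
        END { exit rc }
    ' "${2:-/etc/hosts}"
}

# check_local_hostname [HOSTNAME_FILE] [HOSTS_FILE]
# Returns 0 if the name is mapped, 1 if it is not, 2 if no name is configured.
check_local_hostname() {
    hostname_file=${1:-/etc/hostname}
    hosts_file=${2:-/etc/hosts}
    host=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$hostname_file" | head -n 1)
    if [ -z "$host" ]; then
        echo "no hostname configured in $hostname_file"
        return 2
    fi
    if addr=$(hosts_entry_for "$host" "$hosts_file"); then
        echo "ok: $host -> $addr"
    else
        echo "missing: $host has no entry in $hosts_file"
        return 1
    fi
}

# Constructed sample data: the hostname was changed to kaagini, but the stale
# hosts file still lists only the old name (oldname is made up for this example).
demo_dir=$(mktemp -d)
printf 'kaagini\n' > "$demo_dir/hostname"
printf '127.0.0.1 localhost oldname\n# 127.0.0.1 kaagini\n' > "$demo_dir/hosts.stale"
printf '127.0.0.1 localhost kaagini\n::1 localhost\n' > "$demo_dir/hosts.fixed"

check_local_hostname "$demo_dir/hostname" "$demo_dir/hosts.stale" || true
check_local_hostname "$demo_dir/hostname" "$demo_dir/hosts.fixed"
```

Run with no arguments, check_local_hostname reads the real /etc/hostname and /etc/hosts.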
Solution 2:
Thanks to the linked bug report filed by Matthias Urlichs in another comment, the following command solved the issue for me:
Defaults !fqdn
Place this line in the /etc/sudoers file.