[sudo-users] 1.9.13 SUDO Error with LogSubcmds?
Todd C. Miller
Todd.Miller at sudo.ws
Mon Feb 20 07:26:06 MST 2023
On Mon, 20 Feb 2023 14:09:08 +0000, "Dolan, Sean via sudo-users" wrote:
> I am using 1.9.13 on RedHat 7.9, SELINUX is enabled. For testing purposes,
> I want to simply allow a user to do a "sudo su -" to become root. I want to
> see the "log_subcmds" directive in action. When I have the "log_subcmds"
> in the sudoers, the following errors occur: (If I comment it out, everythin
> g works fine and I can sudo su - )
If you disable intercept_verify that should work around the
problem. For example:
Defaults !intercept_verify
The problem is that sudo is being too strict with how it verifies
the execve arguments.
- todd
More information about the sudo-users
mailing list