[sudo-users] runas_default= not working as expected. Dropping to root instead of user runas_default=

Todd C. Miller Todd.Miller at courtesan.com
Tue Aug 9 14:13:27 EDT 2011


On Tue, 02 Aug 2011 15:47:42 +0200, arjen at itcloud.nl wrote:

>  I'm running debian squeeze and getting unexpected results when running 
>  'sudo -i'
>  expected a bash shell as the configured runas_default=tomcat, instead 
>  receiving a shell running as root.
> 
>  This is working perfectly on lenny with 1.6.9p17. When replacing the 
>  binary (1.7.4p4) on squeeze with 1.6.9p17 it's working again.
>  Seems to me the behavior changed.

This is a bug.  In sudo 1.6 there was a callback when the runas_default
setting was changed to update the runas password struct.  This was
removed in sudo 1.7 as it is no longer needed for file-based sudoers.
However, since runas_default can be set on a per-record basis in
LDAP sudoers, it still needs the callback.

The bug will be fixed in the next release of sudo.

 - todd
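
The failure mode described in the reply above, as an added example that is not part of the original message and is not sudo source code: a simplified model in which the target user is resolved once and cached, so a later per-record change to runas_default is only honoured if a change callback refreshes the cache. All struct, field and function names are hypothetical.

```c
/* Simplified model of the bug class; NOT sudo source. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

struct defaults {
    const char *runas_default;      /* the configured setting */
    const char *runas_cached;       /* stands in for the cached runas password struct */
    void (*on_runas_change)(struct defaults *); /* NULL models the removed callback */
};

/* Callback: re-resolve the cached target user from the current setting. */
static void refresh_runas(struct defaults *d)
{
    d->runas_cached = d->runas_default;
}

/* Setter used when an option is applied; it fires the callback if one is registered. */
static void set_runas_default(struct defaults *d, const char *value)
{
    d->runas_default = value;
    if (d->on_runas_change != NULL)
        d->on_runas_change(d);
}

/* Returns the user a command would run as after a per-record option is applied. */
const char *effective_runas(int with_callback, const char *per_record_value)
{
    static struct defaults d;

    d.runas_default = "root";
    d.runas_cached = "root";        /* resolved once, before any record is matched */
    d.on_runas_change = with_callback ? refresh_runas : NULL;

    /* A matching record carries its own runas_default (constructed value). */
    set_runas_default(&d, per_record_value);
    return d.runas_cached;
}

int main(void)
{
    printf("callback present: %s\n", effective_runas(1, "tomcat"));
    printf("callback removed: %s\n", effective_runas(0, "tomcat"));
    return 0;
}
```

Without the callback the setting reads tomcat while the cached target stays root, which matches the reported symptom of a root shell.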


