[sudo-users] runas_default= not working as expected. Dropping to root instead of user runas_default=
Todd C. Miller
Todd.Miller at courtesan.com
Tue Aug 9 14:13:27 EDT 2011
On Tue, 02 Aug 2011 15:47:42 +0200, arjen at itcloud.nl wrote:
> I'm running debian squeeze and getting unexpected results when running
> 'sudo -i'
> expected a bash shell as the configured runas_default=tomcat, instead
> recieving a shell running as root.
> This is working perfectly on lenny with 1.6.9p17. When replacing the
> binary(1.7.4p4) on squeeze with 1.6.9p17 it's working again.
> seems to me the behavior changed.
This is a bug. In sudo 1.6 there was a callback when the runas_default
setting was changed to update the runas password struct. This was
removed in sudo 1.7 as it is no longer needed for file-based sudoers.
However, since runas_default can be set on a per-record basis in
LDAP sudoers, it still needs the callback.
The bug will be fixed in the next release of sudo.
More information about the sudo-users