[sudo-users] sudo ldap and local sudoers messy situation
Onur Yalazı
onuryalazi at mersin.edu.tr
Fri Dec 28 03:31:17 EST 2012
Hello,
I'm trying to integrate sudo and ldap and everything with ldap works
like a charm on ubuntu 12.04.
But there is a problem while using a local system user and the sudoers file as
a fallback. If ldap integration is on and I sudo with a system user
and the sudoers file, sudo won't change uid and gid to 0, but changes euid
to 0. Disabling sudoers ldap integration makes the problem disappear.
Is this a bug or a feature? Either way, this makes things really messy.
Scenario:
user yalazi from ldap passwd and ldap sudoers.
yalazi at yoda:~$ id
uid=2084(yalazi) gid=2084(yalazi) groups=2084(yalazi),4001(serveradmins)
yalazi at yoda:~$ sudo id
uid=0(root) gid=0(root) groups=0(root)
user sysbot from local passwd and local sudoers
yalazi at yoda:~$ sudo su - sysbot
sysbot at yoda:~$ id
uid=11111(sysbot) gid=11111(sysbot) groups=11111(sysbot)
sysbot at yoda:~$ sudo id
uid=11111(sysbot) gid=11111(sysbot) euid=0(root)
groups=0(root),11111(sysbot)
sysbot at yoda:~$ sudo apt-get update
...... [hit]
...... [hit]
......
E: Unable to write to /var/cache/apt/
E: The package lists or status file could not be parsed or opened.
Also, opening a file that sysbot has no write permission for with vim
turns out read-only and saving with :w fails. But force
writing the file with :w! results in a successful write.