[sudo-users] sudo ldap and local sudoers messy situation

Onur Yalazı onuryalazi at mersin.edu.tr
Fri Dec 28 03:31:17 EST 2012


I'm trying to integrate sudo and ldap and everything with ldap works 
like a charm on ubuntu 12.04.

But there is a problem while using local system user and sudoers file as 
an fallback. If ldap integration is on and sudo ing with a system user 
and sudoers file, sudo won't change uid and gid to 0, but change euid 
and to 0. Disabling sudoers ldap integration makes the problem disappear.

Is this a bug or a feature? But this makes things really messy.

user yalazi from ldap passwd and ldap sudoers.

yalazi at yoda:~$ id
uid=2084(yalazi) gid=2084(yalazi) groups=2084(yalazi),4001(serveradmins)

yalazi at yoda:~$ sudo id
uid=0(root) gid=0(root) groups=0(root)

user sysbot fro m local passwd and local sudoers

yalazi at yoda:~$ sudo su - sysbot
sysbot at yoda:~$ id
uid=11111(sysbot) gid=11111(sysbot) groups=11111(sysbot)

sysbot at yoda:~$ sudo id
uid=11111(sysbot) gid=11111(sysbot) euid=0(root) 

sysbot at yoda:~$ sudo apt-get update
...... [hit]
...... [hit]
E: Unable to write to /var/cache/apt/
E: The package lists or status file could not be parsed or opened.

Also opening a file without write permissions for sysbot with vim would 
turn out a readonly file and failed save operation with :w. But force 
writing the file with :w! results in a successful write.

More information about the sudo-users mailing list