[sudo-users] sudo ldap and local sudoers messy situation
Todd C. Miller
Todd.Miller at courtesan.com
Sun Dec 30 14:46:06 EST 2012
On Fri, 28 Dec 2012 10:31:17 +0200, Onur Yalazı wrote:
> I'm trying to integrate sudo and ldap and everything with ldap works
> like a charm on ubuntu 12.04.
> But there is a problem while using local system user and sudoers file as
> a fallback. If ldap integration is on and sudo-ing with a system user
> and sudoers file, sudo won't change uid and gid to 0, but change euid
> and to 0. Disabling sudoers ldap integration makes the problem disappear.
What version of sudo are you running? I'm unable to reproduce this
on Ubuntu 12.04 with the Ubuntu sudo-ldap 1.8.3p1 package.

    $ grep sudoers /etc/nsswitch.conf
    sudoers: ldap files

I created a local test user with sudoers permission in /etc/sudoers.

    # su testuser
    $ sudo -ll
    Matching Defaults entries for testuser on this host:
    Runas and Command-specific defaults for testuser:
    User testuser may run the following commands on this host:
    $ sudo id
    uid=0(root) gid=0(root) groups=0(root)

Can you show the output of "sudo -ll" run by sysbot? It looks like
the stay_setuid option might be set in sudoers, though I would expect
that to affect the ldap case too.
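
Added example, not part of the original message or of sudo itself: a small diagnostic that tells the reported symptom (effective uid 0, real uid unchanged) apart from a full switch to root, and checks sudoers text for an enabled stay_setuid. The function names and sample inputs are constructed for illustration; the Uid:/Gid: field order is that of Linux /proc/<pid>/status.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# classify_ids: read Linux /proc/<pid>/status text on stdin and classify it.
# The Uid:/Gid: lines list real, effective, saved and filesystem IDs.
#   full-root  real and effective IDs are 0 (the "sudo id" result in the reply)
#   euid-only  effective uid is 0 but the real uid or gid is not (the symptom)
#   not-root   effective uid is not 0
classify_ids() {
    awk '
        $1 == "Uid:" { ruid = $2; euid = $3; seen = 1 }
        $1 == "Gid:" { rgid = $2 }
        END {
            if (!seen) { print "unknown" }
            else if (euid != 0) { print "not-root" }
            else if (ruid != 0 || rgid != 0) { print "euid-only" }
            else { print "full-root" }
        }'
}

# has_stay_setuid: read sudoers text on stdin; succeed if an uncommented
# Defaults line enables stay_setuid. The negated form !stay_setuid is ignored.
# Plain text match only: it does not follow includes or LDAP sudoOption values.
has_stay_setuid() {
    grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]stay_setuid([[:space:],]|$)'
}

# Constructed sample inputs (not captured from any real system).
sample_symptom() { printf 'Name:\tid\nUid:\t1000\t0\t0\t0\nGid:\t1000\t0\t0\t0\n'; }
sample_normal()  { printf 'Name:\tid\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n'; }
sample_sudoers() { printf '# constructed\nDefaults env_reset, stay_setuid\ntestuser ALL=(ALL) ALL\n'; }

# On a live Linux host, feed classify_ids the /proc/<pid>/status of the
# process that sudo started instead of these samples.
echo "symptom sample: $(sample_symptom | classify_ids)"
echo "normal sample:  $(sample_normal | classify_ids)"
if sample_sudoers | has_stay_setuid; then
    echo "sample sudoers enables stay_setuid"
fi
```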