[sudo-users] : Sudo upgrade impact on scripts run from a job scheduler

[Susan Steele]

We upgraded sudo from v1.7.2-1 to v1.7.9-1 & v1.8.4-5.  Everything works
except a script which runs a sudo command that is called from a job
scheduler.  This does not work after the sudo upgrade.  We can manually run
the same script and sudo command on the server with no problem.  Also, we
successfully ran the same script from cron.  We cannot figure out what
changes were made in the new version of sudo that would cause this to fail.

Versions
Original sudo version that worked:  v1.7.2-1
New sudo versions that did not work:  v1.7.9-1 & v1.8.4-5
AIX:  5300-12-04-1119

Problem Details
After upgrading sudo, a script (which contains a sudo command) was
scheduled to run through a job scheduler (AppWorx), hangs forever.  We see
the script and sudo command in the process table.  The sudo command does
not seem to actually run as there is no entry in the sudo.log.  This script
can be run on the server manually with no problem.

Simplified Example:
The shutdown_rms_app_sudo.ksh script runs one sudo command (see example
below).  These processes will remain in the process table until the job is
cancelled.

lbrmsdevapp41:/etc # ps -ef | grep shut
 apprd41 2457722  868462   0 13:25:13      -  0:00
sh /apps/rd41/rms/XXLCB/bin/shutdown_rms_app_sudo.ksh rd41
 apprd41  532486 2457722   0 13:25:13      -  0:00 /usr/bin/sudo -u
orard41 /XXLCB/bin/shutdown_rms_app.ksh rd41

/etc/group
sudoora:!:504:orard41,apprd41,rfxrd41,oraoem,oradev

sudoers file
%sudoora        ALL=(orard41) NOPASSWD: /XXLCB/bin/shutdown_rms_app.ksh *

Thanks for your help!


Susan Steele