[sudo-users] sudo in /var/run

Dominick Grift dac.override at gmail.com
Thu Oct 30 14:10:05 MDT 2014

I am not sure if this applies to only my distro or if it is an upstream feature, but in my distro sudo maintains content in /var/run.

Whoever runs sudo first gets his or her MAC-security identifiers associated with /var/run/sudo/.*

This causes issues when those MAC-security identifiers are used to govern access

I suppose there is a good reason for why /var/run/sudo and /var/run/sudo/ts get created the way that they do.

Why can those directories not just be installed, or maintained by systemd-tmpfiles? This would ensure that those directories would be associated with the appropriate MAC-security identifiers (namely the ones associated with the system, and not the ones associated with users).

Is using /var/run/user/$UID/sudo not a viable option? This would ensure UID-based separation, and this would solve the issue without requiring any other modifications, since the location is limited to only that user.

Each user running sudo would get its own /var/run/user/$UID/sudo directory with its own MAC security identifiers

Dominick Grift
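As an added illustration, not part of Dominick's mail or of the sudo project, here is a small shell script that flags sudo runtime directories whose SELinux user is not the system one (the symptom described above) from `ls -Zd` style output, and writes the tmpfiles.d fragment his first proposal amounts to. It assumes the MAC is SELinux, the `ls -Z` "context path" field layout, and the 0711/0700 directory modes.

```shell
#!/bin/sh
# Added example, not from the original mail or from sudo. Assumes SELinux as the
# MAC, so the "MAC-security identifiers" are user:role:type:level labels.

# Input: lines as printed by `ls -Zd`, e.g.
#   unconfined_u:object_r:var_run_t:s0 /run/sudo
# Output: space-separated paths whose SELinux user is not system_u, i.e.
# directories created on the fly by a user's sudo and labeled after that user.
flag_user_labeled() {
    awk '{
        split($1, ctx, ":");              # ctx[1] is the SELinux user field
        if (ctx[1] != "system_u") printf "%s ", $2
    }' | sed 's/ $//'
}

# Write a tmpfiles.d fragment so the directories exist before any user runs
# sudo and are created by a system service rather than by the first caller.
# Modes 0711/0700 are an assumption, not taken from the mail.
write_tmpfiles_fragment() {
    cat <<'EOF' > "$1"
d /run/sudo    0711 root root -
d /run/sudo/ts 0700 root root -
EOF
}

# Constructed sample of `ls -Zd /run/sudo /run/sudo/ts /run/utmp` after a
# regular user ran sudo first on a system without the fragment.
SAMPLE='unconfined_u:object_r:var_run_t:s0 /run/sudo
unconfined_u:object_r:var_run_t:s0 /run/sudo/ts
system_u:object_r:var_run_t:s0 /run/utmp'

# Uncomment to run on the sample:
# printf '%s\n' "$SAMPLE" | flag_user_labeled
```

On a live system, feed it `ls -Zd /run/sudo /run/sudo/ts` instead of the constructed sample.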
