[sudo-users] Run as multiple groups without password with sudo
Todd C. Miller
Todd.Miller at courtesan.com
Wed Apr 15 06:26:20 MDT 2015
On Wed, 15 Apr 2015 12:54:11 +0100, Khalid wrote:
> But i can specify only one group, the only other option is to preserve
> bob's group vector.
>
> Is there a way i can pick the group vector with sodo?
Currently you can only set the real and effective gids. There is
no way to set the group vector.
> And is it normal that i can choose any group without password?
No, that is not normal. Unless sudoers allows it, you should get
an error. For example:
xerxes [~] % sudo -g wheel id
Sorry, user millert is not allowed to execute '/usr/bin/id' as millert:wheel on xerxes.
Perhaps you are running an old version of sudo? There was a bug
like that in sudo versions 1.7.0 - 1.7.4p4. See:
http://www.sudo.ws/sudo/alerts/runas_group_pw.html
- todd
More information about the sudo-users
mailing list