[sudo-users] Run as multiple groups without password with sudo
Todd C. Miller
Todd.Miller at courtesan.com
Thu Apr 16 13:22:20 MDT 2015
On Wed, 15 Apr 2015 18:29:11 +0100, Khalid wrote:
> Yes, it shouldn't work; what I haven't given you is the runas alias:
>
> Runas_Alias JAILED_USERS = #8800,#8801,#8802
>
> ALL ALL = (JAILED_USERS) NOPASSWD: ALL
Aha, now I can see what is happening. The following commit will
preserve the invoking user's group ID when running a command as a
uid that is not present in the passwd database.
http://www.sudo.ws/repos/sudo/rev/4154970432df
- todd
diff -r e08d38481041 -r 4154970432df plugins/sudoers/sudoers.c
--- a/plugins/sudoers/sudoers.c Tue Apr 14 09:50:40 2015 -0600
+++ b/plugins/sudoers/sudoers.c Thu Apr 16 13:19:04 2015 -0600
@@ -950,7 +950,7 @@
uid_t uid = sudo_strtoid(user + 1, NULL, NULL, &errstr);
if (errstr == NULL) {
if ((pw = sudo_getpwuid(uid)) == NULL)
- pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
+ pw = sudo_fakepwnam(user, user_gid);
}
}
if (pw == NULL) {
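Review bot: the replacement call `sudo_fakepwnam(user, user_gid)` drops the `runas_gr` case entirely, so when a run-as group is set it no longer supplies the gid of the fake passwd entry built for a `#uid` that `sudo_getpwuid()` cannot find. Removing the old fallback of gid 0 for an unmapped uid is a good change, but the commit description only mentions preserving the invoking user's group ID. Please add a comment above this call explaining why `user_gid` is used even when `runas_gr` is non-NULL, and confirm that a requested run-as group is still applied elsewhere.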
diff -r e08d38481041 -r 4154970432df plugins/sudoers/testsudoers.c
--- a/plugins/sudoers/testsudoers.c Tue Apr 14 09:50:40 2015 -0600
+++ b/plugins/sudoers/testsudoers.c Thu Apr 16 13:19:04 2015 -0600
@@ -357,7 +357,7 @@
uid_t uid = sudo_strtoid(user + 1, NULL, NULL, &errstr);
if (errstr == NULL) {
if ((pw = sudo_getpwuid(uid)) == NULL)
- pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
+ pw = sudo_fakepwnam(user, user_gid);
}
}
if (pw == NULL) {
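Review bot: this is the same one-line change as in sudoers.c, applied to a duplicated copy of the lookup-and-fallback block, so the two files can drift apart if only one is touched in a later fix. Consider moving the `#uid` lookup and its `sudo_fakepwnam()` fallback into a shared helper. Also, `user_gid` is not assigned anywhere in the visible lines, so check that testsudoers.c initializes it before this call is reached.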