[sudo-users] sudo script is not sending mail as the invoking user
David.Tansley at acegroup.com
Fri Sep 18 08:23:40 MDT 2015
Yes, I saw that bug, but I do not think it is the same issue; I could be wrong. Clearly this is something to do with the AIX upgrade.
I believe I am still getting the same issue, now installed back to: 1.8.14p3
# ls -l /home/dxtans/testmail2
-rwxr--r-- 1 root system 105 Sep 18 15:06 /home/dxtans/testmail2
# cat /home/dxtans/testmail2
/usr/sbin/sendmail -t <<mayday
As user ndm, so LOGNAME, MAIL spool does get preserved:
$ sudo /home/dxtans/testmail2
Looking at root mail I still get:
Mail [5.2 UCB] [AIX 5.X] Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Fri Sep 18 15:09 12/333 "testing"
Sent from root, when it should be ndm as the invoker.
$ sudo -l
Matching Defaults entries for ndm on uk01wrs6008:
env_keep+="MAIL LIBPATH LOGNAME LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET",
log_output, logfile=/var/adm/sudo.log, !syslog
User ndm may run the following commands on
(root) NOPASSWD: /usr/sbin/sendmail
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: 18 September 2015 14:10
To: Tansley, David
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] sudo script is not sending mail as the invoking user
There was a bug in older versions of sudo 1.8.x where the parent sudo process (but not the actual command) was run with the effective uid of the user and not root. It's possible that this influenced the user mail used by default.
The change set in question is:
I don't know why mail would be looking at the parent process instead of just using the login uid.
For what it's worth, if you run /usr/sbin/sendmail directly instead of via /usr/bin/mail it will honor the LOGNAME environment variable.
$ /usr/sbin/sendmail -t << EOF
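Added example, not part of the original messages or of sudo itself: a diagnostic for the situation discussed above. It checks whether a variable such as LOGNAME is covered by the env_keep list shown by `sudo -l`, and reports the invoking user that a script run through sudo can see. The function names are hypothetical, SAMPLE is the Defaults text copied from the post, and SUDO_USER is the variable sudo sets to the invoking user's login name.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# SAMPLE is the "Matching Defaults" text quoted in the post above.
SAMPLE='Matching Defaults entries for ndm on uk01wrs6008:
env_keep+="MAIL LIBPATH LOGNAME LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET",
log_output, logfile=/var/adm/sudo.log, !syslog'

# env_keep_has NAME: read `sudo -l` output on stdin and succeed if NAME
# matches an entry (entries may be patterns such as LC_*) of an
# env_keep= or env_keep+= list.
env_keep_has() {
    want=$1
    # Extract the quoted value of each env_keep setting.
    lists=$(sed -n 's/.*env_keep+\{0,1\}="\([^"]*\)".*/\1/p')
    set -f          # stop LC_* from expanding against files in the cwd
    for pat in $lists; do
        case $want in
            $pat) set +f; return 0 ;;
        esac
    done
    set +f
    return 1
}

# invoking_user: the login name of whoever ran sudo, falling back to
# LOGNAME and then to the effective user when not run through sudo.
invoking_user() {
    if [ -n "${SUDO_USER:-}" ]; then
        printf '%s\n' "$SUDO_USER"
    elif [ -n "${LOGNAME:-}" ]; then
        printf '%s\n' "$LOGNAME"
    else
        id -un
    fi
}

# Demonstration on the sample text; on a live system pipe `sudo -l` instead.
for v in LOGNAME MAIL LC_ALL USER; do
    if printf '%s\n' "$SAMPLE" | env_keep_has "$v"; then
        echo "$v: preserved by env_keep"
    else
        echo "$v: not in env_keep"
    fi
done
echo "effective user: $(id -un), invoking user: $(invoking_user)"
```

Running the last line from inside the script that sudo executes shows whether the effective user and the invoking user differ, which is the mismatch the thread is chasing.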