[sudo-users] sudo script is not sending mail as the invoking user -resolved
David.Tansley at acegroup.com
Sat Sep 19 05:38:30 MDT 2015
OK, after much experimenting, sudo does not send the email as the invoking user under AIX (6/7)if using:
sendmail -t .....
Also putting SIGNATURE env var ( mail uses the gecos field of the user to override ) in sudoers, seems to have done the trick with mailx and mail.
So a bit of script amendments for me.
Now all looks good. Can send mails under invoking user , recipients get mail as the invoking user, with all the report attachments. Thanks for your help.
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: 18 September 2015 14:10
To: Tansley, David
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] sudo script is not sending mail as the invoking user
There was a bug in older versions of sudo 1.8.x where the parent sudo process (but not the actual command) was run with the effective uid of the user and not root. It's possible that this influenced the user mail used by default.
The change set in question is:
I don't know why mail would be looking at the parent process instead of just using the login uid.
For what it's worth, if you run /usr/sbin/sendmail directly instead of via /usr/bin/mail it will honor the LOGNAME environment variable.
$ /usr/sbin/sendmail -t << EOF
This email is intended for the designated recipient(s) only, and may be confidential, non-public, proprietary, protected by the attorney/client or other privilege. Unauthorized reading, distribution, copying or other use of this communication is prohibited and may be unlawful. Receipt by anyone other than the intended recipient(s) should not be deemed a waiver of any privilege or protection. If you are not the intended recipient or if you believe that you have received this email in error, please notify the sender immediately and delete all copies from your computer system without reading, saving, or using it in any manner. Although it has been checked for viruses and other malicious software ("malware"), we do not warrant, represent or guarantee in any way that this communication is free of malware or potentially damaging defects. All liability for any actual or alleged loss, damage, or injury arising out of or resulting in any way from the receipt, opening or use of this email is expressly disclaimed.
More information about the sudo-users