[sudo-users] sudoreplay "best practice" questions
Todd C. Miller
Todd.Miller at courtesan.com
Sat Jan 14 06:35:05 MST 2017
On Fri, 13 Jan 2017 10:15:34 +0200, Divan Santana wrote:
> I've tested this ignore_iolog_errors though it's not working as I'd
> expect (very) unfortunately. :(
> It works if the /var/log/sudo-io is a local FS and has filled up.
> If /var/log/sudo-io is a NFS share goes down I see this:
> sudo: unable to open /var/log/sudo-io/seq: Stale NFS file handle
> And most importantly sudo fails to work. I'd expect the error and for
> sudo to continue working.
> Similarly I have tested like this, which also breaks sudo despite
> ignore_iolog_errors being set:
> [root at testnode:/root]# rm -rf /var/log/sudo-io
> [root at testnode:/root]# touch /var/log/sudo-io
> username at testnode:~ » sudo su -
> [sudo] password for username:
> sudo: /var/log/sudo-io exists but is not a directory (0100644)
> username at testnode:~ »
> This is with version 1.8.18p1.
Both of these issues should be fixed in sudo 1.8.19p2, available now.
More information about the sudo-users