[sudo-users] sudoreplay "best practice" questions

Divan Santana dsantana at fnb.co.za
Sat Jan 14 12:30:24 MST 2017

Todd C. Miller <Todd.Miller at courtesan.com> writes:

> On Fri, 13 Jan 2017 10:15:34 +0200, Divan Santana wrote:
>> I've tested this ignore_iolog_errors though it's not working as I'd
>> expect (very) unfortunately. :(
>> It works if the /var/log/sudo-io is a local FS and has filled up.
>> If /var/log/sudo-io is a NFS share goes down I see this:
>> ```
>> sudo: unable to open /var/log/sudo-io/seq: Stale NFS file handle
>> ```
>> And most importantly sudo fails to work. I'd expect the error and for
>> sudo to continue working.
>> Similarly I have tested like this, which also breaks sudo despite
>> ignore_iolog_errors being set:
>> ```
>> [root at testnode:/root]# rm -rf /var/log/sudo-io
>> [root at testnode:/root]# touch /var/log/sudo-io
>> username at testnode:~ » sudo su -
>> [sudo] password for username:
>> sudo: /var/log/sudo-io exists but is not a directory (0100644)
>> username at testnode:~ »
>> ```
>> This is with version 1.8.18p1.
> Both of these issues should be fixed in sudo 1.8.19p2, available now.

Wow, super quick and great timing. I'll be rolling it out shortly.

Thanks again Todd.
To read FirstRand Bank's Disclaimer for this email click on the following address or copy into your Internet browser: 

If you are unable to access the Disclaimer, send a blank e-mail to
firstrandbankdisclaimer at fnb.co.za and we will send you a copy of the Disclaimer.

More information about the sudo-users mailing list