[sudo-users] Sudoreplay: Permissions error and sefault - 1.8.19p2

Todd C. Miller Todd.Miller at courtesan.com
Wed Mar 8 08:46:45 MST 2017

I'm not sure why the seq file is mode 0400 and not 0600.  Sudo will
overwrite an existing I/O log if it exists.  This makes it possible
to set the max sequence number and have the I/O log files auto-rotate
after a certain number.

The permission denied problem you are seeing sounds like uid 0 is
being remapped to an unprivileged uid on the NFS server.  You may
wish to use the iolog_user setting to use a non-root user ID for
the I/O logs.  You will need to chown the existing I/O log dirs to
the new user if you do this.

The iolog_user and iolog_group settings were introduced in sudo
1.8.19 so they may not be available on all your systems, though you
can use the updated sudo packages on https://www.sudo.ws/download.html

 - todd

More information about the sudo-users mailing list