[sudo-users] Sudoreplay: Permissions error and sefault - 1.8.19p2
Todd C. Miller
Todd.Miller at courtesan.com
Wed Mar 8 08:46:45 MST 2017
I'm not sure why the seq file is mode 0400 and not 0600. Sudo will
overwrite an existing I/O log if it exists. This makes it possible
to set the max sequence number and have the I/O log files auto-rotate
after a certain number.
The permission denied problem you are seeing sounds like uid 0 is
being remapped to an unprivileged uid on the NFS server. You may
wish to use the iolog_user setting to use a non-root user ID for
the I/O logs. You will need to chown the existing I/O log dirs to
the new user if you do this.
The iolog_user and iolog_group settings were introduced in sudo
1.8.19 so they may not be available on all your systems, though you
can use the updated sudo packages on https://www.sudo.ws/download.html
- todd
More information about the sudo-users
mailing list