[sudo-users] Sudoreplay: Permissions error and segfault - 1.8.19p2

Rudi Kramer rudi.kramer at gmail.com
Wed Mar 15 01:32:53 MDT 2017


Hi Todd,

Apologies for getting back to you so late.

We set the uuid/guid to a high number and then had the NFS share use the
same number but we ran into the same problem.

After further investigation, it turns out that the file permissions on the
seq file (and all other files in the user/0* sub-folder) were changed to
0400. I think this is why the seq file could not be updated and
subsequently, sudo thinks it should create a folder which already exists.

We are investigating on our side why this could be happening but I was
wondering if any of your code could be responsible for changing the file
permissions?

On Wed, 8 Mar 2017 at 17:46 Todd C. Miller <Todd.Miller at courtesan.com>
wrote:

> I'm not sure why the seq file is mode 0400 and not 0600.  Sudo will
> overwrite an existing I/O log if it exists.  This makes it possible
> to set the max sequence number and have the I/O log files auto-rotate
> after a certain number.
>
> The permission denied problem you are seeing sounds like uid 0 is
> being remapped to an unprivileged uid on the NFS server.  You may
> wish to use the iolog_user setting to use a non-root user ID for
> the I/O logs.  You will need to chown the existing I/O log dirs to
> the new user if you do this.
>
> The iolog_user and iolog_group settings were introduced in sudo
> 1.8.19 so they may not be available on all your systems, though you
> can use the updated sudo packages on https://www.sudo.ws/download.html
>
>  - todd
>
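
A check for the condition discussed in this thread, added here as an example and not code from the sudo project or from either poster: it lists I/O log files that lack owner write permission (such as a seq file at 0400 instead of 0600) and entries not owned by the expected I/O log user. The function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example: audit a sudo I/O log tree for entries the owning user
# cannot update. Function names and paths are hypothetical.

# Regular files without owner write permission (e.g. a 0400 seq file).
iolog_unwritable_files() {
    find "$1" -type f ! -perm -200 -print | sort
}

# Directories the owner cannot write into or traverse.
iolog_unwritable_dirs() {
    find "$1" -type d ! -perm -300 -print | sort
}

# Entries not owned by the expected I/O log user (name or numeric uid).
iolog_wrong_owner() {
    find "$1" ! -user "$2" -print | sort
}

# Report all findings; return 0 when clean, 1 when anything was found.
iolog_audit() {
    dir=$1; owner=$2; rc=0
    bad=$(iolog_unwritable_files "$dir")
    if [ -n "$bad" ]; then
        printf 'files not owner-writable (expected 0600):\n%s\n' "$bad"
        rc=1
    fi
    bad=$(iolog_unwritable_dirs "$dir")
    if [ -n "$bad" ]; then
        printf 'directories not owner-writable/searchable:\n%s\n' "$bad"
        rc=1
    fi
    bad=$(iolog_wrong_owner "$dir" "$owner")
    if [ -n "$bad" ]; then
        printf 'entries not owned by %s:\n%s\n' "$owner" "$bad"
        rc=1
    fi
    return "$rc"
}

# Usage: sh iolog_audit.sh /path/to/iolog_dir expected_owner
if [ "$#" -eq 2 ]; then
    iolog_audit "$1" "$2"
fi
```

Run it as a user that can read the whole tree; on an NFS client the ownership shown is what the client sees, which is the view sudo itself gets.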

