[sudo-users] Sudoreplay: Permissions error and sefault - 1.8.19p2

Todd C. Miller Todd.Miller at courtesan.com
Fri Mar 17 10:42:13 MDT 2017

On Wed, 15 Mar 2017 07:32:53 -0000, Rudi Kramer wrote:

> After further investigation, it turns out that the file permissions on the
> seq file (and all other files in the user/0* sub-folder) were changed to
> 0400. I think this is why the seq file could not be updated and
> subsequently, sudo thinks it's should create a folder which already exists.
> We are investigating on our side why this could be happening but I was
> wondering if any of your code could be responsible for changing the file
> permissions?

Sudo creates that file as mode 0600 by default.  If iolog_mode was
set to 0400 in sudoers that might explain it.  Sudo should probably
prevent you from creating non-writable I/O log files.

Also, it turns out that sudo will open the I/O log files as root
even when iolog_user is set.  The owner will be changed after the
file is created but that doesn't help if NFS is remapping root to
a different user.

Both of those issues will be fixed in the next sudo release.

 - todd

More information about the sudo-users mailing list