[sudo-users] Sudoreplay: Permissions error and segfault - 1.8.19p2

Todd C. Miller Todd.Miller at courtesan.com
Fri Mar 17 10:42:13 MDT 2017


On Wed, 15 Mar 2017 07:32:53 -0000, Rudi Kramer wrote:

> After further investigation, it turns out that the file permissions on the
> seq file (and all other files in the user/0* sub-folder) were changed to
> 0400. I think this is why the seq file could not be updated and
> subsequently, sudo thinks it should create a folder which already exists.
> 
> We are investigating on our side why this could be happening but I was
> wondering if any of your code could be responsible for changing the file
> permissions?

Sudo creates that file as mode 0600 by default.  If iolog_mode was
set to 0400 in sudoers that might explain it.  Sudo should probably
prevent you from creating non-writable I/O log files.

Also, it turns out that sudo will open the I/O log files as root
even when iolog_user is set.  The owner will be changed after the
file is created but that doesn't help if NFS is remapping root to
a different user.

Both of those issues will be fixed in the next sudo release.

 - todd
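
The two conditions discussed in this message, an `iolog_mode` that lacks owner write permission and existing I/O log files their owner cannot write, can be audited with a short script. This is an added example, not code from the original message or from sudo; the function names, the user `alice` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit for non-writable sudo I/O logs (added example, not sudo's own code).

# Succeed if octal MODE has no owner-write bit (0200); return 2 on bad input.
mode_lacks_owner_write() {
    case $1 in ''|*[!0-7]*) return 2 ;; esac
    [ "$(( 0$1 & 0200 ))" -eq 0 ]
}

# Print every iolog_mode value in a sudoers FILE that lacks owner write.
# Commented-out lines are skipped because they do not start with "Defaults".
sudoers_bad_iolog_mode() {
    sed -n 's/^[[:space:]]*Defaults.*iolog_mode[[:space:]]*=[[:space:]]*\([0-7]\{1,4\}\).*/\1/p' "$1" |
    while read -r mode; do
        if mode_lacks_owner_write "$mode"; then echo "$mode"; fi
    done
}

# List regular files under DIR whose owner-write bit is clear
# (for example a seq file left at 0400).
find_unwritable_iologs() {
    find "$1" -type f ! -perm -0200
}

# Build a constructed sample: a sudoers fragment and a small I/O log tree.
# Prints the temporary directory that holds both.
make_constructed_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sudo-io/alice/00/00/01"
    : > "$d/sudo-io/alice/seq"
    : > "$d/sudo-io/alice/00/00/01/log"
    chmod 0400 "$d/sudo-io/alice/seq"            # the problem case
    chmod 0600 "$d/sudo-io/alice/00/00/01/log"   # sudo's default mode
    printf '%s\n' \
        '# constructed sudoers fragment' \
        'Defaults iolog_dir=/var/log/sudo-io/%{user}' \
        '#Defaults iolog_mode=0600' \
        'Defaults iolog_mode=0400' > "$d/sudoers"
    echo "$d"
}
```

On a real host, pass the sudoers file and the configured `iolog_dir` to `sudoers_bad_iolog_mode` and `find_unwritable_iologs`; reading either normally requires root.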

