[sudo-users] Getting "sudo: unable to set runas group vector" after upgrading to sudo 1.8.25p1

Gonzalez, Aliep aliep.gonzalez at rbc.com
Fri Dec 7 12:58:34 MST 2018 

Environment: sudo 1.8.25p1 on AIX 7.2

After upgrading to sudo 1.8.25p1 (from 1.7.4p6), I am getting the below error:

q4tw4j5 at uaswfad21:/tmp > sudo -u pwhf0rma /home/pwhf0rma/bin/saa_sudo_command.sh ls -la
sudo: unable to set runas group vector
sudo: unable to set runas group vector
Password:
[compat]: 3004-300 You entered an invalid login name or password.

This is the sudo -l output for that user:

q4tw4j5 at uaswfad21:/tmp > sudo -l
Matching Defaults entries for q4tw4j5 on uaswfad21:
    logfile=/var/adm/sudo.log, always_set_home

User q4tw4j5 may run the following commands on uaswfad21:
    (pwhf0sfa) NOPASSWD: /apps/sfadata/scripts/*, /home/pwhf0sfa/bin/*
    (pwhf0rma) NOPASSWD: /apps/srmadata/scripts/*, /home/pwhf0rma/bin/*
    (pwhf0swp) NOPASSWD: /home/pwhf0swp/bin/*, /apps/alliance/swp/WebPlatformSE/bin/*
q4tw4j5 at uaswfad21:/tmp >

and this is the sudo rule in LDAP:

dn: cn=fg_WHF0_uwhf0uc1_prod_sudo,ou=sudoers,dc=fg,dc=rbccm,dc=com
sudoHost: +fg_WHF0_prod_hosts
sudoCommand: /bin/su - pwhf0rma -c /home/pwhf0rma/bin/*
sudoCommand: /bin/su - pwhf0sfa -c /home/pwhf0sfa/bin/*
sudoCommand: /bin/su - pwhf0sfa -c /apps/sfadata/scripts/*
sudoCommand: /bin/su - pwhf0swp -c /home/pwhf0swp/bin/*
sudoCommand: /bin/su - pwhf0rma -c /apps/srmadata/scripts/*
sudoCommand: /bin/su - pwhf0swp -c /apps/alliance/swp/WebPlatformSE/bin/*
sudoUser: uwhf0uc1
sudoRunAs: root
objectClass: top
objectClass: sudoRole
sudoOption: !authenticate
cn: fg_WHF0_uwhf0uc1_prod_sudo

Note: this rule was working fine up until sudo was upgraded. Looks like all "sudo -u" commands are impacted.

Thanks,
AG



_______________________________________________________________________
If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference.  

Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future.

More information about the sudo-users mailing list