[sudo-users] Calling sudo from PHP script under Apache httpd

Tue Feb 16 09:34:33 MST 2021

Добрый день Todd,

Thursday, February 11, 2021, 7:18:15 PM, Вы написали:

> On Thu, 11 Feb 2021 19:04:13 +0200, Dima Goncharuck wrote:

>> Feb 11 18:52:08 sudo[5079] set_perms: PERM_INITIAL: ruid: 10001, euid: 0, sui
>> d: 0, rgid: 10001, egid: 10001, sgid: 10001
>> Feb 11 18:52:08 sudo[5079] -> set_callbacks @ ./sudoers.c:1584
>> Feb 11 18:52:08 sudo[5079] <- set_callbacks @ ./sudoers.c:1635
>> Feb 11 18:52:08 sudo[5079] -> set_runaspw @ ./sudoers.c:1304
>> Feb 11 18:52:08 sudo[5079] <- set_runaspw @ ./sudoers.c:1327 := true
>> Feb 11 18:52:08 sudo[5079] <- init_vars @ ./sudoers.c:878 := true
>> Feb 11 18:52:08 sudo[5079] set_perms: PERM_ROOT: uid: [10001, 0, 0] -> [0, 0,
>>  0]
>> Feb 11 18:52:08 sudo[5079] PERM_ROOT: setresuid(0, -1, -1): Operation not per
>> mitted @ set_perms() ./set_perms.c:361
>> Feb 11 18:52:08 sudo[5079] <- sudoers_init @ ./sudoers.c:193 := -1

> Clearly something is preventing sudo from changing uids.  With an
> effective uid of 0 this should not fail.  If apache/php runs in its
> own namespace that might affect things.

  How to detect this ?

  I'm not using cgroups or docker etc.

-- 
С уважением,
 Dima                            mailto:dgoncharuk at neocm.com