[sudo-users] sudo_logsrvd configuration

Todd C. Miller Todd.Miller at sudo.ws
Fri Jul 23 15:41:59 MDT 2021


On Thu, 22 Jul 2021 07:37:28 -0500, Stefan Johnson wrote:

> When I do "sudo su -" I get:
> sudo: error message received from server: invalid ClientMessage
> sudo: unexpected child termination condition: 0
> sudo: unable to set controlling tty: Input/output error
>
> With the debug rule in place, there is this line:
> unable to expand iolog dir
> /%Y/%m/%d/%H%M/%{hostname}/%s_u_%{user}_g_%{group}_ru_%{runas_user}_rg_%{runas_group}_c_%{command}_XXXXXX
> @ create_iolog_path() ./iolog_writer.c:592

The problem here is that runas_group is only available for commands
run with sudo's -g flag.  So the server doesn't know the group and
so is unable to build up the log path.  It would probably be better
for it to use "unknown" in this case.

When logging locally, sudo can look up the group name based on the
runas user's passwd file entry.  But this is not possible for the
remote server.  One option would be for sudo to always pass this
info to the server but then it would not be possible to differentiate
between a user specifying the runas group via -g and one running a
command with the run user's default group.

 - todd
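
The failure described in this message, as an added example that is not part of the original message and is not sudo_logsrvd's own code: a Python sketch that expands only the %{...} escapes of the iolog path from the quoted debug line, failing when a field is absent and substituting "unknown" when a fallback is given, as the reply suggests. The event values and all function names are constructed for illustration; strftime escapes such as %Y are left untouched.

```python
import re

# Matches %{name}; strftime escapes such as %Y are deliberately left alone.
ESCAPE_RE = re.compile(r"%\{(\w+)\}")

# Path template from the debug line quoted above.
TEMPLATE = ("/%Y/%m/%d/%H%M/%{hostname}/%s_u_%{user}_g_%{group}"
            "_ru_%{runas_user}_rg_%{runas_group}_c_%{command}_XXXXXX")

# Constructed event (assumed values): a command run without the -g flag,
# so the client sends no runas_group.
EVENT = {"hostname": "host1", "user": "alice", "group": "staff",
         "runas_user": "root", "command": "su"}


class ExpandError(Exception):
    """Raised when the template names a field the event does not carry."""


def unset_escapes(template, event):
    """Return the %{name} escapes in template that event cannot satisfy."""
    return [n for n in ESCAPE_RE.findall(template) if not event.get(n)]


def expand_iolog_path(template, event, fallback=None):
    """Expand %{name} escapes. With fallback=None a missing field is an
    error (the behaviour reported above); otherwise fallback is used."""
    def substitute(match):
        name = match.group(1)
        value = event.get(name)
        if not value:
            if fallback is None:
                raise ExpandError(f"unable to expand %{{{name}}}")
            return fallback
        return value
    return ESCAPE_RE.sub(substitute, template)


if __name__ == "__main__":
    print("unset:", unset_escapes(TEMPLATE, EVENT))
    try:
        expand_iolog_path(TEMPLATE, EVENT)
    except ExpandError as exc:
        print("strict:", exc)
    print("fallback:", expand_iolog_path(TEMPLATE, EVENT, fallback="unknown"))
```

Running unset_escapes over a planned template with a representative event shows which escapes would stop the log path from being built before the template is deployed.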

