[sudo-users] 1.9.13 SUDO Error with LogSubcmds?

Todd C. Miller Todd.Miller at sudo.ws
Mon Feb 20 07:26:06 MST 2023

On Mon, 20 Feb 2023 14:09:08 +0000, "Dolan, Sean via sudo-users" wrote:

> I am using 1.9.13 on RedHat 7.9, SELINUX is enabled.   For testing purposes, 
> I want to simply allow a user to do a "sudo su -"  to become root.  I want to
>  see the "log_subcmds" directive in action.    When I have the "log_subcmds" 
> in the sudoers, the following errors occur:   (If I comment it out, everythin
> g works fine and I can sudo su - )

If you disable intercept_verify that should work around the
problem.  For example:

    Defaults !intercept_verify

The problem is that sudo is being too strict with how it verifies
the execve arguments.

 - todd

More information about the sudo-users mailing list