[sudo-workers] Runas(_alias) group

Daniel Kopecek dkopecek at redhat.com
Wed Oct 26 08:54:35 EDT 2011

On Tue 25 Oct 2011 04:50:10 PM CEST, Todd C. Miller wrote:
> On Tue, 25 Oct 2011 14:33:07 +0200, Daniel Kopecek wrote:
>> It seems that there is a bug in the handling (matching) of groups in
>> Runas&  Runas_alias lists. There are several ways how to specify a runas
>> group and some of them, although correctly parsed, are ignored in the
>> matching phase. Here are some non-working examples, one of them is from
>> the sudoers manpage:
>> 1) Using %group syntax + an alias
>> User_Alias OK_GROUP = %a
>> Runas_Alias OK_RUNAS_GROUP = %b, %c
>> ...which can be stripped down to:
>>    %a ALL=(%b) ALL
>> ...which also does not work.
> That rule should mean that any user in group 'a' can run any command
> as a user who is in group 'b'.  This works as expected for me.

Ok, thanks for the explanation.

Dan K.

More information about the sudo-workers mailing list