[sudo-workers] Sudo takes a long time resolving user's GIDs

Todd C. Miller Todd.Miller at courtesan.com
Tue Aug 30 08:03:12 MDT 2016


On Tue, 30 Aug 2016 04:44:31 -0400, Tomas Sykora wrote:

> a customer had a problem with sudo, because it resolved all user's GIDs
> although the groups were not in the sudoers file (It was probably because
> of the function sudo_getgrgid, which was called for every user's GID) and
> so it took quite a lot of time. I thought that the issue is fixed in the
> new release with this https://www.sudo.ws/repos/sudo/rev/8ce3564e896e ,
> but it seems that sudo still resolves all user's GIDs, the function
> sudo_getgrgid is called for every user's GID and so it still takes a lot
> of time on systems with lots of groups. So is there a bug in the new sudo
> or did I not understand the mentioned changes correctly?

That change is not in sudo 1.8.17 but will be present in sudo 1.8.18.
You can try the current 1.8.18 beta to see if it helps.
https://www.sudo.ws/dist/beta/sudo-1.8.18b2.tar.gz

Note that if you use the LDAP backend it will still need to resolve
the user's group IDs to names in order to be able to perform the
LDAP query.

 - todd

