[sudo-workers] sudoRunAsUser option not behaving properly

Lenka Doudova ldoudova at redhat.com
Tue Nov 1 08:16:54 MDT 2016


Hi,

thanks very much, I will fix our tests accordingly.

Lenka


On 11/01/2016 03:05 PM, Todd C. Miller wrote:
> On Tue, 01 Nov 2016 14:54:07 +0100, Lenka Doudova wrote:
>
>> I was pointed to discussion regarding sudo RunAsUser/RunAsGroup problems
>> [1] and have a question about improperly handled RunAsUsers as mentioned
>> in the discussion. I'm working on FreeIPA where I have: user testuser,
>> group testgroup, sudorule testrule with RunAsUser empty and
>> RunAsGroup=testgroup. When I want to see list of commands user testuser
>> can run, I get:
> That looks correct to me.  If only RunAsGroup is set, the user
> should be able to run commands as the group but with their own uid,
> not root.
>
> This is equivalent to the following sudoers file entry:
>
> testuser	ALL = (:testgroup) NOPASSWD:ALL
>
> This was a bug fix in 1.8.18 to make LDAP and SSSD consistent with
> file-based sudoers.  It was an oversight when RunAsGroup was initially
> added.
>
>   - todd
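
Added example, not part of the original thread and not sudo's own code: a simplified Python model of the Runas_Spec rules from sudoers(5), which the reply above says LDAP and SSSD follow as of 1.8.18. The function names are hypothetical, `None` stands for an unset attribute, `root` is assumed to be runas_default, and names are matched literally apart from `ALL`.

```python
# Simplified model of sudoers(5) Runas_Spec matching for one rule.
# Added illustration; function and parameter names are hypothetical.
RUNAS_DEFAULT = "root"  # assumption: runas_default left at its default


def runas_spec(run_as_users, run_as_groups):
    """Render sudoRunAsUser/sudoRunAsGroup values as a sudoers Runas_Spec."""
    if run_as_users is None and run_as_groups is None:
        return ""  # no Runas_Spec at all: runas_default only, no group
    users = ", ".join(run_as_users or [])
    if run_as_groups is None:
        return f"({users})"
    return f"({users}:{', '.join(run_as_groups)})"


def _listed(name, names):
    """Literal match against a Runas_List, honouring the ALL keyword."""
    return bool(names) and ("ALL" in names or name in names)


def allowed(invoking_user, run_as_users, run_as_groups,
            target_user=None, target_group=None):
    """True if `sudo [-u target_user] [-g target_group]` matches the rule."""
    # -g is only accepted when the group appears in the group list.
    if target_group is not None and not _listed(target_group, run_as_groups):
        return False
    # Without -u, sudo runs as the invoking user if -g was given,
    # otherwise as runas_default.
    if target_user is None:
        target_user = invoking_user if target_group is not None else RUNAS_DEFAULT
    if run_as_users:
        return _listed(target_user, run_as_users)
    if run_as_users is None and run_as_groups is None:
        return target_user == RUNAS_DEFAULT
    # Empty user list with a Runas_Spec present: invoking user only.
    return target_user == invoking_user


if __name__ == "__main__":
    # The rule from the thread: RunAsUser empty, RunAsGroup=testgroup.
    users, groups = None, ["testgroup"]
    print("testuser ALL =", runas_spec(users, groups), "NOPASSWD:ALL")
    print("sudo -g testgroup cmd        ->",
          allowed("testuser", users, groups, target_group="testgroup"))
    print("sudo cmd (as root)           ->", allowed("testuser", users, groups))
    print("sudo -u root -g testgroup cmd ->",
          allowed("testuser", users, groups, "root", "testgroup"))
```

Test cases for a group-only rule can use the same three requests: `-g testgroup` alone should succeed, while a plain `sudo` and `-u root -g testgroup` should both be refused.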


