[sudo-workers] sudoreplay & sudo command in a pipe line
V S, Nagendra (Nonstop Filesystems Team)
nagendra.vs at hpe.com
Mon Nov 28 07:55:04 MST 2016
Hi,
I have the below test script
#!/bin/bash
echo -n "Enter a input:"
read a
if [[ $a == "hello" ]]; then
echo -n "Enter a new text:"
read b
exit 0
else
echo "All done."
fi
I run the above script once directly from a tty (or console) & once using the following shell pipeline
"cat f1 | src/sudo ./test.sh | tee log"
The contents of f1 is as follows
welcome
After this I try to replay the two sudo commands using sudoreplay
Sudoreplay for command run from tty
root at ubuntu:/home/user/sudo-1.8.18p1# plugins/sudoers/sudoreplay 00000O
Replaying sudo session: ./test.sh
Enter a input:welcome <==== stdin information is available
All done.
Sudoreplay for command run from command pipeline
root at ubuntu:/home/user/sudo-1.8.18p1# plugins/sudoers/sudoreplay 00000P
Replaying sudo session: ./test.sh
Enter a input:All done. <=== output different stdin information missing
Now to my question why is the behavior different between the command examples? I understand that when in a pipeline the stdin information is never visible on the TTY/console. Also I see that sudoreplay man page has the following information
-f filter, --filter=filter
Select which I/O type(s) to display. By default, sudoreplay will display the command's standard output, standard error and tty output. The filter argument is a comma-separated list, consisting of one or more of following: stdout, stderr, and ttyout.
Also I see that in the pipeline command usage sudo session's log stdin & stdout contains the information & ttyout file is empty. I can used zcat & was displayed the file contents of both stdout & stdin.
For this scenario I have both log_out & log_input enabled in sudoers file (Defaults log_output Defaults log_input)
Is this behavior by design or is it bug?
Thanks & Regards
Nagendra.V.S
More information about the sudo-workers
mailing list