[sudo-workers] [sudo-users] log_output and log_input destination directories and files ownership and permissions

Daniele Palumbo daniele at retaggio.net
Fri Oct 28 18:23:06 MDT 2016


On 26 Oct 2016, at 21:15, Todd C. Miller <Todd.Miller at courtesan.com> wrote:
> The mode and owner for the I/O log files is not currently configurable.
> There's no reason it can't be made configurable, there simply hasn't
> been a demand for that before.
> 
> Sudo doesn't explicitly set the group on I/O log files.  For file
> systems with BSD group semantics the group is inherited from the
> parent directory.  Otherwise, the files get the user's group.  Since
> the file mode doesn't allow group access this is not a big deal.
> 
> I'll put this on the roadmap for sudo 1.8.19.

Hey Todd,

I am sure that this may be done in a better way, but here we may have the first working patch.
It still includes some useless code, and does not cover all of the options, but I wish to get feedback on this.
Code cleanup has to be done.

A brief on the concept:
The new parameter iolog_perm can be set with one octal mode.
Default value is 700, as now.
The allowed range is 700 to 770, as now.
Files will have the exec bit removed for UGO.
Documentation is missing as now.

Next step, if this is more or less ok, is to allow a user and group to be changed in a similar way, plus setting the default group to root.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo-perm.diff
Type: application/octet-stream
Size: 7488 bytes
Desc: not available
URL: <https://www.sudo.ws/pipermail/sudo-workers/attachments/20161029/79f5661a/attachment.obj>
-------------- next part --------------


Waiting for some feedback,

Thanks,
Daniele
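
The mode handling described in the message above, as an added illustration in C; it is not the attached patch and not sudo's own code. The function names are hypothetical, and reading "700 to 770" as "owner rwx required, group bits optional, no bits for other" is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helpers, not taken from sudo or from the attached patch. */

/* Parse an octal mode string. Assumed reading of "700 to 770": owner rwx
 * always set, any group bits, no bits for other. Returns -1 if rejected. */
int parse_iolog_perm(const char *s)
{
    char *end;
    long v = strtol(s, &end, 8);

    if (end == s || *end != '\0' || v < 0)
        return -1;
    if ((v & ~0770L) != 0 || (v & 0700) != 0700)
        return -1;
    return (int)v;
}

/* Log files take the directory mode with every execute bit cleared. */
mode_t iolog_file_mode(mode_t dir_mode)
{
    return dir_mode & ~(mode_t)(S_IXUSR | S_IXGRP | S_IXOTH);
}

/* Create the directory and one log file in it, then force both modes so a
 * restrictive umask cannot strip the group bits that were asked for.
 * Returns the file's permission bits, or -1 on error. */
int create_iolog(const char *dir, const char *file, mode_t dir_mode)
{
    struct stat sb;
    mode_t fmode = iolog_file_mode(dir_mode);
    int fd, ret = -1;

    if (mkdir(dir, dir_mode) != 0 || chmod(dir, dir_mode) != 0)
        return -1;
    /* O_EXCL: refuse to reuse a file somebody else already placed there. */
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, fmode);
    if (fd == -1)
        return -1;
    if (fchmod(fd, fmode) == 0 && fstat(fd, &sb) == 0)
        ret = (int)(sb.st_mode & 0777);
    close(fd);
    return ret;
}
```

With a mode of 750 the directory ends up `rwxr-x---` and the log file `rw-r-----`, even under `umask 077`.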

