Bug 213

Summary: sudo does ignore multi line /etc/group entries
Product: Sudo Reporter: Hardy Baumgartner <hardy.baumgartner>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high CC: hardy.baumgartner
Priority: high    
Version: 1.6.8   
Hardware: HP   
OS: HP-UX   

Description Hardy Baumgartner 2006-05-03 09:53:40 MDT 
Users who's user id entries are located in the second line of a multi line 
group in /etc/group will be ignored by sudo and therefore are not able to sudo 
and will get the following error: "user does not exist in sudoers".
Comment 1 Michael Grubb 2006-05-31 14:10:30 MDT 
This is not sudo's fault it is the administrator's fault.  The man page for getgr* 
says as much:

"The functions getgrnam() and getgrgid() search the group database for the
     given group name pointed to by name or the group id pointed to by gid,
     respectively, returning the first one encountered.  Identical group names
     or group gids may result in undefined behavior."

This is poor practice and should be fixed.
Comment 2 Todd C. Miller 2007-06-13 16:12:58 MDT 

*** This bug has been marked as a duplicate of bug 218 ***
Comment 3 Hardy Baumgartner 2007-06-19 13:07:53 MDT 
Reopened due to the fact that it is not a duplicate of Bug 218 and it has nothing to do with supplementary groups but all with multi line groups.
Best regards,
Hardy
Comment 4 Todd C. Miller 2007-06-19 19:26:14 MDT 
It is the exact same issue.  Multi-line group entries are processed by initgroup(3) and placed in the supplemental group vector.  Thus the *only* way to deal with them is via getgroups(2).  Support for this has been added to sudo 1.6.9.  You can get a beta version at http://www.sudo.ws/sudo/beta.html