Bug 218

Summary: sudo not respecting supplementary groups?
Product: Sudo Reporter: Klaus <klaus.steden>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal CC: carlos.dacunhaesilva, hardy.baumgartner
Priority: normal    
Version: 1.6.8   
Hardware: PC   
OS: Linux   

Description Klaus 2006-09-07 15:53:53 MDT 
sudo is for some reason ignoring supplementary group memberships when invoked.

For instance...

klaus@apace:~[1]% sudo -l                                                      
                                                
User klaus may run the following commands on this host:
    (ALL) ALL
    (dds, pipeline) NOPASSWD: /usr/bin/rsh iridas *, /usr/bin/rsh quad01 *
klaus@apace:~[2]% id
uid=942(klaus) gid=105(vadmin)
groups=0(root),0(root),100(users),102(spirit),103(eng),105(vadmin),108(devo),109(web),110(tapeops),112(prjadmin),113(libadmin),116(tools),500(image)

$ sudo -l
User gened may run the following commands on this host:
    (dds, pipeline) NOPASSWD: /usr/bin/rsh iridas *, /usr/bin/rsh quad01 *
apace|/home/gened 3:50pm                                                       
                                                 $ id
uid=2000(gened) gid=500(image)
groups=0(root),103(eng),105(vadmin),108(devo),109(web),112(prjadmin),113(libadmin),116(tools),500(image)

Below is the section of /etc/sudoers that should allow 'gened' to do everything
on this system.

-- cut --
# Members of the 'vadmin' group have sudo access to everything.
%vadmin ALL = (ALL) ALL
-- cut --

On other Linux systems that use the same sudoers files with version 1.6.7, this
problem does not occur. Switching 'vadmin' to its' GID produces the same
unsuccessful result.

Is this a system misconfiguration, possibly (selinux crap, maybe?), or a sudo
bug? Has anyone else ever seen something like this happen? I couldn't get a
coherent answer from Google due to the prevalence of 'sudo' and 'group' on the web.

thanks,
Klaus
Comment 1 Todd C. Miller 2007-06-13 16:10:42 MDT 
*** Bug 249 has been marked as a duplicate of this bug. ***
Comment 2 Todd C. Miller 2007-06-13 16:11:46 MDT 
This is fixed in sudo 1.6.9 which is scheduled to have a beta release next week.
Comment 3 Todd C. Miller 2007-06-13 16:12:58 MDT 
*** Bug 213 has been marked as a duplicate of this bug. ***
Comment 4 Hardy Baumgartner 2007-06-14 08:07:58 MDT 
Bug 249 is a duplicate of Bug 213. But 213 and 249 are not duplicates of Bug 218!
Regards,
Hardy
Comment 5 Todd C. Miller 2007-06-19 12:30:44 MDT 
Supplementary group support has been added in sduo 1.6.9, which is now in beta.  You can download beta versions of sudo from http://www.sudo.ws/sudo/beta.html