|
Bugzilla – Full Text Bug Listing |
| Summary: | if configured --with-umask then sudo can raise umask | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | Vadim Zhukov <persgray> |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | ||
| Severity: | low | ||
| Priority: | low | ||
| Version: | 1.7.0 | ||
| Hardware: | All | ||
| OS: | All | ||
| Attachments: | sudo and documentation patch | ||
I think you have things backwards. Since umask is a mask, the more bits that are set, the more restrictive it is. So instead of bitwise AND, it should be bitwise OR. I've made such a change in the sudo cvs tree. |
Created attachment 232 [details] sudo and documentation patch When sudo(8) is configured with "--with-umask" option then it always change umask, even if current umask is more strict. Better solution is to logically AND old and new umask. Sample patch attached. Usage example (I have similar setup for some not-a-human user under which a program run): In sudoers: user = (root) NOPASSWD: tee -- /some/dir/* In shell: $ umask 0002 $ echo XXX | sudo tee -- /some/dir/somefile >/dev/null $ ls -l /some/dir/somefile -rw-r--r-- 1 root somegroup 4 Oct 15 19:10 somefile