Bug 497

Summary: When LOG_INPUT and/or LOG_OUTPUT is used, the original userid is set to the effective userid
Product: Sudo
Reporter: Peter-Paul Noordhuis <ppnoordhuis>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WONTFIX
Severity: normal
CC: ppnoordhuis
Priority: low
Version: 1.7.4
Hardware: IBM
OS: AIX

Description Peter-Paul Noordhuis 2011-06-08 08:45:08 MDT
When the options LOG_INPUT and/or LOG_OUTPUT are used to capture the output of the sudo command used, I noticed that the original userid has been reset to the effective userid and an additional pseudo terminal is created.

We have individual history logging, so we can see who has performed what under each account, because a lot of users are using the root account (or any other shared account).
So when we use the I/O logging within sudo, all history logging is placed into one file and messes up the individual history logging greatly.

----------------------------------------------------------------
AN EXAMPLE:
NO use of LOG_INPUT and/or LOG_OUTPUT:
peterp@server(/home/peterp)$ who am i
peterp    pts/0       Jun  8 11:22     (thinkpad)
peterp@server(/home/peterp)$ sudo su -
Password:
root@server(/home/root)# whoami                 # <<< effective userid
root
root@server(/home/root)# who am i               # <<< Original userid
peterp    pts/0       Jun 08 11:22     (thinkpad)

root@server(/home/root)# cat /etc/sudoers |grep CMD_SUDO_ROOT
Cmnd_Alias     CMD_SUDO_ROOT = /usr/bin/su -
%rootgrp       ALL = (ALL) CMD_SUDO_ROOT
root@server(/home/root)#
----------------------------------------------------------------

----------------------------------------------------------------
An example, with the use of LOG_INPUT and/or LOG_OUTPUT:

peterp@server(/home/peterp)$ 
Connection to server closed.
peterp@thinkpad(/home/peterp)$ ssh server
peterp@server(/home/peterp)$ whoami
peterp
peterp@server(/home/peterp)$ sudo su -
Password:
root@server(/home/root)# whoami                 # <<< effective userid
root
root@server(/home/root)# who am i               # <<< Original userid
root      pts/1 
root@server(/home/root)# cat /etc/sudoers |grep CMD_SUDO_ROOT
Cmnd_Alias     CMD_SUDO_ROOT = /usr/bin/su -
%rootgrp       ALL = (ALL) LOG_INPUT: LOG_OUTPUT: CMD_SUDO_ROOT
root@server(/home/root)#
----------------------------------------------------------------
Comment 1 Todd C. Miller 2011-06-08 09:07:06 MDT
The "who" command uses the utmp file to determine the user name.  What you are seeing is due to sudo not creating a utmp entry for the pseudo terminal the command is being run in.

This will not be changed in sudo 1.7.x as that branch only receives critical bug fixes.  Upgrading to sudo 1.8.1p2 should resolve the issue for you as it will create a utmp entry for the pty that the command runs in.
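
The utmp lookup described in comment 1, as an added example that is not part of the bug report or of sudo's code: it resolves the login user for a terminal through the POSIX utmpx API and reports when the terminal has no entry, which is when per-user attribution based on "who am i" stops being reliable. The function names tty_line and lookup_login_user are hypothetical.

```c
/* Added example: look up the login user for a tty in utmp, as a
 * utmp-based tool does, and report when the tty has no entry. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <utmpx.h>

/* utmp stores the line as "pts/1", not "/dev/pts/1". */
static const char *tty_line(const char *tty_path)
{
    return strncmp(tty_path, "/dev/", 5) == 0 ? tty_path + 5 : tty_path;
}

/* Returns 0 and fills `user` if utmp holds a user login record for the tty,
 * -1 if it holds none (the case comment 1 describes for the I/O-log pty). */
int lookup_login_user(const char *tty_path, char *user, size_t len)
{
    struct utmpx key, *ent;
    int rc = -1;

    if (len == 0)
        return -1;
    memset(&key, 0, sizeof key);
    strncpy(key.ut_line, tty_line(tty_path), sizeof key.ut_line - 1);

    setutxent();                /* rewind the utmp database */
    ent = getutxline(&key);     /* first login/user record on this line */
    if (ent != NULL && ent->ut_type == USER_PROCESS) {
        /* ut_user is not guaranteed to be NUL-terminated */
        size_t n = sizeof ent->ut_user < len - 1 ? sizeof ent->ut_user : len - 1;
        memcpy(user, ent->ut_user, n);
        user[n] = '\0';
        rc = 0;
    }
    endutxent();
    return rc;
}

int main(void)
{
    char user[64];
    const char *tty = ttyname(STDIN_FILENO);

    if (tty == NULL) { puts("stdin is not a terminal"); return 1; }
    if (lookup_login_user(tty, user, sizeof user) == 0)
        printf("%s: utmp login user is %s\n", tty, user);
    else
        printf("%s: no utmp entry, login user cannot be attributed\n", tty);
    return 0;
}
```

Run inside the session being audited, the "no utmp entry" branch marks a terminal whose commands cannot be tied to a login name through utmp.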