Bugzilla – Full Text Bug Listing
| Summary: | "Defaults use_loginclass" doesn't change login class | | |
|---|---|---|---|
| Product: | Sudo | Reporter: | Valery Khromov <valery.khromov> |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | valery.khromov |
| Priority: | normal | | |
| Version: | 1.8.1 | | |
| Hardware: | PC | | |
| OS: | FreeBSD | | |
| Attachments: | use_loginclass fix; Backport of fix to sudo 1.8.1 | | |
Created attachment 322
use_loginclass fix

Created attachment 323
Backport of fix to sudo 1.8.1

I've checked in a more involved fix. Attached is a backport of that fix to sudo 1.8.1.

Sudo 1.8.4 will include a fix for this.

Fixed in sudo 1.8.4
```
$ uname -sr
FreeBSD 8.2-STABLE
$ sudo -V
Sudo version 1.8.1p2
Sudoers policy plugin version 1.8.1p2
Sudoers file grammar version 40
Sudoers I/O plugin version 1.8.1p2
```

According to "man sudoers":

> use_loginclass
> If set, sudo will apply the defaults specified for the target user's login class if one exists.

But the test shows that the login class isn't changed after sudo:

```
$ grep use_loginclass /usr/local/etc/sudoers
Defaults use_loginclass
$ cat /tmp/showclass.sh
#! /bin/sh
pw usershow $(whoami) -P | sed -n "s|.*\(Class: .*\)|\1|p"
$ /tmp/showclass.sh
Class:
$ limits -Sn
Resource limits (current):
openfiles-cur 2048
$ sudo -u user2 /tmp/showclass.sh
Class:
$ sudo -u user2 limits -Sn
Resource limits (current):
openfiles 2048
```

However, after "su -" the login class is applied:

```
$ su - user2
$ /tmp/showclass.sh
Class: user2class
$ limits -Sn
Resource limits (current):
openfiles 10000
```

I looked at the sudo source code and found out that the "def_use_loginclass" variable isn't used at all. Instead, login class of SUDO_USER is always used. The attached patch fixes it. After the patch, sudo will honor the "use_loginclass" option and use target user's login class:

```
$ sudo -u user2 /tmp/showclass.sh
Class: user2class
$ sudo -u user2 limits -Sn
Resource limits (current):
openfiles 10000
```