Bug 57

Summary: Use of initgroups() and setting of group vector to be configurable via command-line option
Product: Sudo Reporter: TJ Saunders <tj>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: normal    
Version: 1.6.4   
Hardware: All   
OS: All   
Attachments: Patches sudo.h, sudo.c, set_perms.c, sudo.man.in

Description TJ Saunders 2001-11-15 12:11:29 MST 
The setting of the group vector, the supplemental group membership, of a process
for any target user other than root, is currently hard-coded.  I can see why
preserving the current group vector when the target user is root is beneficial,
but user root should not be treated as a hard-coded exception -- this behavior
should be controllable for any target user, via the command-line.

I've attached a patch which adds a -P command-line option, with appropriate
changes to the sudo man page.
Comment 1 TJ Saunders 2001-11-15 12:12:59 MST 
Created attachment 5 [details]
Patches sudo.h, sudo.c, set_perms.c, sudo.man.in
Comment 2 Todd C. Miller 2001-12-14 17:10:59 MST 
OK, it seems this is causing problems for at least one other person.  In sudo 1.6.4 the default
with be to allways do initgroups() with a sudoers option and command line flag to change the
behavior.