Bug 656

Summary: sudoedit creates files with group root instead of primary group of -u target
Product: Sudo
Reporter: Shawn McMahon <syberghost>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: low    
Priority: low    
Version: 1.8.6   
Hardware: PC   
OS: Linux   
Attachments: Fix for zero gid on new sudoedit files

Description Shawn McMahon 2014-08-21 12:54:50 MDT
Assuming a user "foo", with primary group "foo", do the following:

sudo -u foo -e /tmp/bar

The resulting file will be owned by "foo:root", not "foo:foo" as might be expected based on the behavior of other commands.

A workaround is to do the following:

sudo -u foo touch /tmp/bar
sudo -u foo -e /tmp/bar

That works as expected.

Confirmed this in multiple 1.8.x versions, including 1.8.4p5 (from upstream, no patches), 1.8.6p3 (as shipped in RHEL 6), and 1.8.6p7 (as shipped in RHEL 7).
Comment 1 Todd C. Miller 2014-08-21 15:17:03 MDT
This is fixed in sudo 1.8.11, currently in beta.
Comment 2 Todd C. Miller 2014-08-21 15:39:36 MDT
Just FYI, if you are creating a file in a directory mounted with BSD group semantics (the grpid or bsdgroups mount option in Linux) the new file will inherit the group of the parent directory and not the runas user.
Comment 3 Todd C. Miller 2014-08-25 11:26:34 MDT
Created attachment 420
Fix for zero gid on new sudoedit files

I believe this is the root of the problem.
Comment 4 Todd C. Miller 2014-09-24 09:32:44 MDT
Fixed in sudo 1.8.11.
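
An audit for hosts that ran an affected sudo, as an added example that is not part of the bug report or the sudo project: it lists files owned by a non-root user but carrying group 0, and skips cases where the BSD group semantics from Comment 2 would explain the group. The function names are hypothetical; GNU find/stat, getent and util-linux findmnt are assumed, and treating a setgid parent directory like a grpid mount is an assumption added here.

```shell
#!/bin/sh
# Added example: find files that may have been created by the sudoedit
# group bug (owner is a normal user, group is 0). Names are hypothetical.

# suspect_gid FILE_UID FILE_GID OWNER_PRIMARY_GID PARENT_GID PARENT_INHERITS
# Succeeds when gid 0 on the file is not explained by the owner's primary
# group or by group inheritance from a gid-0 parent directory.
suspect_gid() {
    [ "$1" -ne 0 ] || return 1   # root-owned files are out of scope
    [ "$2" -eq 0 ] || return 1   # only group root is interesting
    [ "$3" -ne 0 ] || return 1   # owner's primary group really is 0
    if [ "$5" -eq 1 ] && [ "$4" -eq 0 ]; then return 1; fi
    return 0
}

# inherits_group DIR_MODE MOUNT_OPTS: print 1 if new files in the directory
# take the directory's group (grpid/bsdgroups mount option, or setgid bit
# on the directory, the latter being an assumption added here), else 0.
inherits_group() {
    case ",$2," in *,grpid,*|*,bsdgroups,*) echo 1; return ;; esac
    case "$1" in [2367]???) echo 1 ;; *) echo 0 ;; esac
}

# scan DIR: print candidate paths, one per line (file names containing
# newlines are not handled).
scan() {
    find "$1" -xdev -type f ! -uid 0 -gid 0 -print | while IFS= read -r f; do
        dir=$(dirname -- "$f")
        uid=$(stat -c %u -- "$f")
        prim=$(getent passwd "$uid" | cut -d: -f4)
        [ -n "$prim" ] || continue   # owner has no passwd entry
        opts=$(findmnt -no OPTIONS -T "$dir") || opts=""
        inh=$(inherits_group "$(stat -c %a -- "$dir")" "$opts")
        if suspect_gid "$uid" 0 "$prim" "$(stat -c %g -- "$dir")" "$inh"; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then scan "$1"; fi
```

A hit is only a candidate: a file can also have been given group root deliberately, so compare its timestamp with when sudoedit was used.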