Bug 749

Summary: sudo 1.8.17: new files are created with the primary group of the caller and not as root
Product: Sudo
Reporter: jue
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.17   
Hardware: PC   
OS: Linux   
Attachments: Do group setup when the plugin has no session initialization function

Description jue 2016-06-22 06:52:49 MDT
Until version 1.8.17 a new file created with sudo has the owner/group
root:root, whereas with 1.8.17 it's root:users if users is the primary group of the caller:

Linux system with shadow passwd and without PAM, sudo built from sources, configured with ./configure --prefix=/usr --without-pam


# cat /etc/sudoers
juergen  ALL = NOPASSWD: /bin/touch

with sudo 1.8.17:

$:~> whoami
juergen
$:~> umask
0022
$:~> sudo touch /tmp/sudo.test1
$:~> ls -al /tmp/sudo.*
-rw-r--r-- 1 root users 0 Jun 22 14:39 /tmp/sudo.test1
$:~> 

with sudo 1.8.16:

$:~> sudo touch /tmp/sudo.test2
$:~> ls -al /tmp/sudo.*
-rw-r--r-- 1 root users 0 Jun 22 14:39 /tmp/sudo.test1
-rw-r--r-- 1 root root  0 Jun 22 14:40 /tmp/sudo.test2
$:~> 


Thanks
Comment 1 Todd C. Miller 2016-06-22 09:20:36 MDT
There was a bug introduced in 1.8.17 where the groups are not set when there is no session initialization required and the command is not being run in a pty.
Comment 2 Todd C. Miller 2016-06-22 09:21:32 MDT
Created attachment 476
Do group setup when the plugin has no session initialization function
Comment 3 Todd C. Miller 2016-06-22 10:31:02 MDT
This is fixed by https://www.sudo.ws/repos/sudo/rev/3bf16489800c
Comment 4 jue 2016-06-22 13:19:08 MDT
Confirmed, 1.8.17p1 works again for me.
Many thanks for the quick fix and for sudo as a whole!
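
Added example (not part of the original bug thread and not sudo project code): a regression check that automates the test from the description by creating a file and comparing its group with the primary group the passwd database records for the effective user. The function names and the `--check` argument are hypothetical, and it assumes GNU `stat`, `getent`, and a sudoers rule that lets the caller run the script.

```shell
#!/bin/sh
# Added example: detect a run-as process that kept the caller's group.
# Intended use (assumption): sudo sh check_group.sh --check

# Print "uid:gid" (numeric) of a file freshly created by this process.
new_file_ids() {
    probe_dir=$(mktemp -d) || return 2
    : > "$probe_dir/probe"
    stat -c '%u:%g' "$probe_dir/probe"
    rm -rf "$probe_dir"
}

# $1 = observed "uid:gid", $2 = expected primary gid.
# Prints OK or MISMATCH; returns 0 only when the gids agree.
group_verdict() {
    observed_gid=${1#*:}
    if [ "$observed_gid" = "$2" ]; then
        echo "OK"
    else
        echo "MISMATCH"
        return 1
    fi
}

# Compare the gid of a new file with the passwd entry of the effective uid.
check_sudo_group() {
    observed=$(new_file_ids) || return 2
    expected=$(getent passwd "$(id -u)" | cut -d: -f4)
    if [ -z "$expected" ]; then
        echo "no passwd entry for uid $(id -u)" >&2
        return 2
    fi
    echo "new file uid:gid=$observed, passwd primary gid=$expected"
    group_verdict "$observed" "$expected"
}

if [ "${1:-}" = "--check" ]; then
    check_sudo_group
fi
```

A rule that deliberately sets a different run-as group will also report MISMATCH, so compare against the group the policy is meant to grant.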