Bugzilla – Bug 213
sudo does ignore multi line /etc/group entries
Last modified: 2007-06-19 19:26:14 MDT
Users whose user ID entries are located in the second line of a multi-line group in /etc/group will be ignored by sudo and are therefore not able to sudo, and will get the following error: "user does not exist in sudoers".
This is not sudo's fault; it is the administrator's fault. The man page for getgr* says as much: "The functions getgrnam() and getgrgid() search the group database for the given group name pointed to by name or the group id pointed to by gid, respectively, returning the first one encountered. Identical group names or group gids may result in undefined behavior." This is poor practice and should be fixed.
*** This bug has been marked as a duplicate of bug 218 ***
Reopened due to the fact that it is not a duplicate of Bug 218 and it has nothing to do with supplementary groups but all with multi line groups. Best regards, Hardy
It is the exact same issue. Multi-line group entries are processed by initgroups(3) and placed in the supplemental group vector. Thus the *only* way to deal with them is via getgroups(2). Support for this has been added to sudo 1.6.9. You can get a beta version at http://www.sudo.ws/sudo/beta.html
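The difference discussed in the comments above, as an added example that is not part of the original bug report and is not sudo's or libc's code: a simplified parser over a constructed /etc/group sample, comparing a lookup that stops at the first line naming a group with one that reads every such line. The function names, the sample database and the user names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample in /etc/group format; "wheel" is split over two lines. */
static const char SAMPLE_GROUP_DB[] =
    "root:x:0:root\n"
    "wheel:x:10:alice,bob\n"
    "users:x:100:\n"
    "wheel:x:10:carol,dave\n";

/* Is user in the comma-separated member list [p, end)? */
static int in_member_list(const char *p, const char *end, const char *user) {
    size_t ulen = strlen(user);
    while (p < end) {
        const char *comma = memchr(p, ',', (size_t)(end - p));
        const char *stop = comma ? comma : end;
        if ((size_t)(stop - p) == ulen && memcmp(p, user, ulen) == 0) return 1;
        if (!comma) break;
        p = comma + 1;
    }
    return 0;
}

/* Hypothetical helper. first_only=1 stops at the first line naming the group
 * (first-match lookup); first_only=0 reads every such line.
 * Returns 1 if user is listed, 0 if not, -1 if the group is absent. */
int group_has_member(const char *db, const char *grp, const char *user, int first_only) {
    size_t glen = strlen(grp);
    int seen = 0;
    for (const char *line = db; *line; ) {
        const char *nl = strchr(line, '\n');
        const char *lend = nl ? nl : line + strlen(line);
        if ((size_t)(lend - line) > glen && line[glen] == ':' &&
            memcmp(line, grp, glen) == 0) {
            const char *p = line;
            int colons = 0;
            /* The member list follows the third ':' of the line. */
            for (; p < lend && colons < 3; p++) colons += (*p == ':');
            seen = 1;
            if (colons == 3 && in_member_list(p, lend, user)) return 1;
            if (first_only) return 0;
        }
        line = nl ? nl + 1 : lend;
    }
    return seen ? 0 : -1;
}

int main(void) {
    printf("first line only: %d\n", group_has_member(SAMPLE_GROUP_DB, "wheel", "dave", 1));
    printf("all lines:       %d\n", group_has_member(SAMPLE_GROUP_DB, "wheel", "dave", 0));
    return 0;
}
```

Running the all-lines mode against a real group file is also a quick way to spot groups whose members are spread over more than one line.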