Bugzilla – Bug 218
sudo not respecting supplementary groups?
Last modified: 2007-06-19 12:30:44 MDT
sudo is for some reason ignoring supplementary group memberships when invoked. For instance...

    klaus@apace:~[1]% sudo -l
    User klaus may run the following commands on this host:
        (ALL) ALL
        (dds, pipeline) NOPASSWD: /usr/bin/rsh iridas *, /usr/bin/rsh quad01 *
    klaus@apace:~[2]% id
    uid=942(klaus) gid=105(vadmin) groups=0(root),0(root),100(users),102(spirit),103(eng),105(vadmin),108(devo),109(web),110(tapeops),112(prjadmin),113(libadmin),116(tools),500(image)

    $ sudo -l
    User gened may run the following commands on this host:
        (dds, pipeline) NOPASSWD: /usr/bin/rsh iridas *, /usr/bin/rsh quad01 *
    apace|/home/gened 3:50pm $ id
    uid=2000(gened) gid=500(image) groups=0(root),103(eng),105(vadmin),108(devo),109(web),112(prjadmin),113(libadmin),116(tools),500(image)

Below is the section of /etc/sudoers that should allow 'gened' to do everything on this system.

-- cut --
# Members of the 'vadmin' group have sudo access to everything.
%vadmin ALL = (ALL) ALL
-- cut --

On other Linux systems that use the same sudoers files with version 1.6.7, this problem does not occur. Switching 'vadmin' to its GID produces the same unsuccessful result.

Is this a system misconfiguration, possibly (selinux crap, maybe?), or a sudo bug? Has anyone else ever seen something like this happen? I couldn't get a coherent answer from Google due to the prevalence of 'sudo' and 'group' on the web.

thanks,
Klaus
*** Bug 249 has been marked as a duplicate of this bug. ***
This is fixed in sudo 1.6.9 which is scheduled to have a beta release next week.
*** Bug 213 has been marked as a duplicate of this bug. ***
Bug 249 is a duplicate of Bug 213. But 213 and 249 are not duplicates of Bug 218! Regards, Hardy
Supplementary group support has been added in sudo 1.6.9, which is now in beta. You can download beta versions of sudo from http://www.sudo.ws/sudo/beta.html
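
An added example, not part of the original bug thread and not sudo's own code: it parses the two `id` outputs quoted in the report and classifies how each account matches the `%vadmin` rule, by primary GID or only through a supplementary group. The function names are hypothetical, and the reading that a supplementary-only match is what fails on an affected build is an assumption drawn from the report.

```python
import re

# `id` output copied verbatim from the bug report above.
ID_KLAUS = ("uid=942(klaus) gid=105(vadmin) groups=0(root),0(root),100(users),"
            "102(spirit),103(eng),105(vadmin),108(devo),109(web),110(tapeops),"
            "112(prjadmin),113(libadmin),116(tools),500(image)")
ID_GENED = ("uid=2000(gened) gid=500(image) groups=0(root),103(eng),105(vadmin),"
            "108(devo),109(web),112(prjadmin),113(libadmin),116(tools),500(image)")

_ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # matches e.g. 105(vadmin)


def parse_id(line):
    """Parse one line of `id` output into user, primary group and group set."""
    fields = dict(f.split("=", 1) for f in line.split())
    uid, user = _ENTRY.fullmatch(fields["uid"]).groups()
    gid, primary = _ENTRY.fullmatch(fields["gid"]).groups()
    groups = {(int(g), n) for g, n in _ENTRY.findall(fields.get("groups", ""))}
    return {"user": user, "uid": int(uid),
            "primary": (int(gid), primary), "groups": groups}


def group_match(ident, rule_group):
    """Classify how a group rule (group name or numeric GID, given as a string)
    matches the user: 'primary', 'supplementary' or None."""
    def same(entry):
        gid, name = entry
        return rule_group in (name, str(gid))

    if same(ident["primary"]):
        return "primary"
    if any(same(e) for e in ident["groups"]):
        return "supplementary"
    return None


def supplementary_only(id_lines, rule_group):
    """Users whose only link to rule_group is a supplementary membership,
    i.e. the accounts that depend on supplementary group support."""
    idents = [parse_id(line) for line in id_lines]
    return [i["user"] for i in idents
            if group_match(i, rule_group) == "supplementary"]


if __name__ == "__main__":
    for line in (ID_KLAUS, ID_GENED):
        ident = parse_id(line)
        print(ident["user"], "->", group_match(ident, "vadmin"))
```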