Bugzilla – Bug 507
When used within a seteuid daemon, sudo always says "sudo: sorry, you must have a tty to run sudo"
Last modified: 2015-08-08 16:25:37 MDT
When run from a seteuid daemon, the sudo command always returns "sudo: sorry, you must have a tty to run sudo". The sequence is:
1. As root, the program calls seteuid to a non-privileged user.
2. The program execs sudo.
3. Sudo rejects all requests, even though the configuration file allows the requests. It even rejects 'sudo -l'.
An attached small Perl program reproduces the error. Note: you will need the Perl Proc::UID and Proc::Daemon modules in order to run this test program.
Created attachment 314: Perl program which reproduces the error
Your sudoers file has the "requiretty" setting enabled, which tells sudo to only run if there is a tty attached. Since the daemon has no tty (it is not an interactive session), it cannot use sudo when "requiretty" is set. If you remove that from your sudoers file it should work as you expect.
The sudoers file is like this:
    Defaults requiretty
    ...
    Defaults:wwwrun !requiretty # XOP
Where 'wwwrun' is the user that the daemon is being set to. So, the default is being overridden, but the override is being ignored.
Hello, I had this problem too. When I have a sudoers file like:
    Defaults requiretty
    ...
    Defaults:user !requiretty
The first option overrides the second. A logical behavior would be the second one overriding the first.
The problem is that sudo uses the *real* uid when looking up the user but you are only setting the *effective* uid. That is why the user is not matching.
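The real-versus-effective uid point above, worked through on the sudoers lines quoted in this thread. This is an added example, not sudo's code and not part of the original report: it is a simplified model that handles only boolean `Defaults` and `Defaults:user` lines applied in file order, and the names `parse_defaults`, `flags_for` and `requires_tty` are hypothetical.

```python
import re

# Constructed from the sudoers lines quoted in the thread ("..." elision kept).
SUDOERS = """\
Defaults requiretty
...
Defaults:wwwrun !requiretty # XOP
"""

# Matches "Defaults <flags>" and "Defaults:<user> <flags>" only (assumption:
# host, runas and command scoped Defaults are out of scope for this model).
DEFAULTS_RE = re.compile(r"^Defaults(?::(?P<user>\S+))?\s+(?P<flags>.+)$")


def parse_defaults(text):
    """Return (user_or_None, flag, value) for each boolean Defaults flag."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        m = DEFAULTS_RE.match(line)
        if not m:
            continue                          # skips "..." and rule lines
        for flag in m.group("flags").split(","):
            flag = flag.strip()
            if not flag or "=" in flag:       # value settings are ignored here
                continue
            entries.append((m.group("user"), flag.lstrip("!"), not flag.startswith("!")))
    return entries


def flags_for(entries, invoking_user):
    """Apply entries in order; a user-scoped entry counts only if it matches."""
    flags = {}
    for user, flag, value in entries:
        if user is None or user == invoking_user:
            flags[flag] = value
    return flags


def requires_tty(sudoers, real_user, effective_user):
    """Model of the lookup described in the thread: the *real* uid's user is
    the invoking user; effective_user is accepted only to show it is unused."""
    return flags_for(parse_defaults(sudoers), real_user).get("requiretty", False)


if __name__ == "__main__":
    # Daemon after seteuid(wwwrun): real uid is still root, so the override misses.
    print("seteuid only:", requires_tty(SUDOERS, "root", "wwwrun"))
    # Real uid also changed to wwwrun before exec: the override matches.
    print("real uid set:", requires_tty(SUDOERS, "wwwrun", "wwwrun"))
```

In this model the `Defaults:wwwrun` override takes effect only when the process that execs sudo has wwwrun as its real uid, not just its effective uid.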