Bug 656 - sudoedit creates files with group root instead of primary group of -u target
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.6
Hardware: PC Linux
Importance: low low
Assigned To: Todd C. Miller
Reported: 2014-08-21 12:54 MDT by Shawn McMahon
Modified: 2014-09-24 09:32 MDT

Attachments
Fix for zero gid on new sudoedit files (376 bytes, patch)
2014-08-25 11:26 MDT, Todd C. Miller

Description Shawn McMahon 2014-08-21 12:54:50 MDT
Assuming a user "foo", with primary group "foo", do the following:

sudo -u foo -e /tmp/bar

The resulting file will be owned by "foo:root", not "foo:foo" as might be expected based on the behavior of other commands.

A workaround is to do the following:

sudo -u foo touch /tmp/bar
sudo -u foo -e /tmp/bar

That works as expected.

Confirmed this in multiple 1.8.x versions, including 1.8.4p5 (from upstream, no patches), 1.8.6p3 (as shipped in RHEL 6), and 1.8.6p7 (as shipped in RHEL 7).
Comment 1 Todd C. Miller 2014-08-21 15:17:03 MDT
This is fixed in sudo 1.8.11, currently in beta.
Comment 2 Todd C. Miller 2014-08-21 15:39:36 MDT
Just FYI, if you are creating a file in a directory mounted with BSD group semantics (the grpid or bsdgroups mount option in Linux) the new file will inherit the group of the parent directory and not the runas user.
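
Added example, not part of the bug thread and not sudo code: a shell check that classifies a file's group along the lines discussed above, flagging the foo:root result from the description while accepting the grpid/bsdgroups inheritance from comment 2. It assumes Linux with GNU stat and util-linux findmnt, and it also treats a setgid parent directory as inheritance, which the thread does not mention; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not sudo code). Assumes Linux, GNU stat(1), util-linux findmnt(8).

# classify_group OWNER_PGID FILE_GID DIR_GID DIR_MODE MOUNT_OPTS
#   ok         file group is the owner's primary group
#   inherited  file took the directory's group (setgid dir, or grpid/bsdgroups mount)
#   mismatch   neither applies, e.g. the foo:root result from this report
classify_group() {
    owner_pgid=$1 file_gid=$2 dir_gid=$3 dir_mode=$4 mount_opts=$5
    if [ "$file_gid" = "$owner_pgid" ]; then
        echo ok
        return 0
    fi
    if [ "$file_gid" = "$dir_gid" ]; then
        # Setgid bit (octal 2000) on the parent directory
        if [ $(( 0$dir_mode & 02000 )) -ne 0 ]; then
            echo inherited
            return 0
        fi
        # Comma-delimited match so "nogrpid" does not count as "grpid"
        case ",$mount_opts," in
            *,grpid,*|*,bsdgroups,*) echo inherited; return 0 ;;
        esac
    fi
    echo mismatch
}

# audit_file FILE: gather the real values and print "verdict owner:group path"
audit_file() {
    f=$1
    dir=$(dirname -- "$f")
    owner=$(stat -c %u -- "$f") || return 1
    pgid=$(id -g "$owner" 2>/dev/null) || pgid=unknown
    opts=$(findmnt -no OPTIONS -T "$dir" 2>/dev/null) || opts=
    verdict=$(classify_group "$pgid" "$(stat -c %g -- "$f")" \
        "$(stat -c %g -- "$dir")" "$(stat -c %a -- "$dir")" "$opts")
    printf '%s %s %s\n' "$verdict" "$(stat -c %U:%G -- "$f")" "$f"
}

# Usage: sh check_group.sh /tmp/bar ...
if [ "$#" -gt 0 ]; then
    for f in "$@"; do audit_file "$f"; done
fi
```

Running it on files created through sudoedit before and after upgrading shows whether the group now follows the runas user's primary group.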
Comment 3 Todd C. Miller 2014-08-25 11:26:34 MDT
Created attachment 420
Fix for zero gid on new sudoedit files

I believe this is the root of the problem.
Comment 4 Todd C. Miller 2014-09-24 09:32:44 MDT
Fixed in sudo 1.8.11.