Bug 1321414

Summary: Can we also install /var/db/sudo/lectured directory?
Product: [Fedora] Fedora
Reporter: dac.override
Component: sudo
Assignee: Daniel Kopeček <dkopecek>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: dkopecek, kzak, rsroka
Fixed In Version: sudo-1.8.17p1-1.fc25
Doc Type: Bug Fix
Last Closed: 2016-06-24 14:38:24 UTC
Type: Bug

Description dac.override 2016-03-26 14:25:59 UTC
Description of problem:

/var/db/sudo is installed by the RPM package but /var/db/sudo/lectured is not.

This can cause issues when users are isolated (using a role-based access control separation security model). If the directory is installed by the RPM then this problem does not exist.

If /var/db/sudo/lectured does not exist then it gets created the first time sudo is run. The security attributes associated with this process (identity and role) get associated with /var/db/sudo/lectured. If isolation is enforced based on identities or roles then other users that rely on sudo cannot access the existing /var/db/sudo/lectured location and thus these users will indefinitely get "lectured".

By installing the /var/db/sudo/lectured directory, the system identity and role are associated with the location and then all sudo instances will be able to access it and maintain objects in it.

Version-Release number of selected component (if applicable):
rawhide

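
An audit of the condition described in this report, as an added example that is not part of the original bug report or of the sudo package: it checks whether the lecture-status directory exists, is owned by an RPM, and carries the system identity rather than that of the first user who ran sudo. It assumes SELinux is the RBAC model in use (the report does not name one), that `system_u` is the system identity, and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the identity attached to sudo's lecture-status directory.
# Assumptions: SELinux contexts (user:role:type[:level]), system_u as the
# system identity, GNU stat (%C prints the security context).

LECTURED_DIR=${LECTURED_DIR:-/var/db/sudo/lectured}
EXPECTED_IDENTITY=${EXPECTED_IDENTITY:-system_u}

# Print the identity (first field) of a context string; fail if it is not one.
context_identity() {
    case $1 in
        *:*:*) printf '%s\n' "${1%%:*}" ;;
        *)     return 1 ;;
    esac
}

# Classify a context: "ok", "created-by:<identity>" or "unlabeled".
classify_context() {
    ident=$(context_identity "$1") || { echo unlabeled; return 2; }
    if [ "$ident" = "$EXPECTED_IDENTITY" ]; then
        echo ok
        return 0
    fi
    # The directory was created at run time by a process with this identity.
    echo "created-by:$ident"
    return 1
}

# Audit one directory (default: LECTURED_DIR).
audit_lectured_dir() {
    dir=${1:-$LECTURED_DIR}
    if [ ! -d "$dir" ]; then
        echo "missing: $dir (the first sudo run will create it with the caller's identity)"
        return 3
    fi
    # rpm -qf fails when no installed package owns the path.
    if command -v rpm >/dev/null 2>&1 && ! rpm -qf "$dir" >/dev/null 2>&1; then
        echo "unpackaged: $dir is not owned by any RPM"
    fi
    ctx=$(stat -c %C "$dir" 2>/dev/null) || ctx=
    classify_context "$ctx"
}

# Run the audit only when asked to: sh audit.sh --audit [directory]
if [ "${1:-}" = "--audit" ]; then
    audit_lectured_dir "${2:-}"
fi
```

A result of `created-by:<identity>` means the directory was created by a user's sudo process and should be relabeled or replaced by the packaged directory.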