Bug 497873
| Summary: | sudo gives bogus group membership if runas_default=xxx is used | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Ric Anderson <azric47> |
| Component: | sudo | Assignee: | Daniel Kopeček <dkopecek> |
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE <qe-baseos-auto> |
| Severity: | medium | Priority: | low |
| Version: | 5.3 | CC: | amarecek, dkopecek, sgrubb, zmraz |
| Target Milestone: | rc | Hardware: | i686 |
| OS: | Linux | Doc Type: | Bug Fix |
| : | CVE-2010-0427 | Last Closed: | 2010-03-30 08:16:46 UTC |
| Bug Blocks: | 567622 | | |
Created attachment 341461
diff from author to fix bogus groups with runas_default
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHBA-2010-0212.html
Description of problem:
sudo with runas_default=oracle gets wrong group list

Version-Release number of selected component (if applicable):
sudo-1.6.9p17-3.el5_3.1

How reproducible:
every time

Steps to Reproduce:
1. add these lines to /etc/sudoers
   Defaults always_set_home, runas_default=oracle
   to sudoers
   %dba ALL=(oracle) ALL
2. Create user ric, group dba
3. as ric, do sudo -i to become oracle.
4. After the sudo, do
   [oracle@uaz-hr-d02 ~]$ id

Actual results:
Id says the following - note dba is missing, and a bunch of system groups are present:
uid=502(oracle) gid=500(oinstall) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

Expected results:
Id should say
uid=502(oracle) gid=500(oinstall) groups=500(oinstall),501(dba)

Additional info:
Author (Todd Miller) has generated a bug fix for 1.6.9; the problem is already fixed in 1.7.1. See http://www.gratisoft.us/bugzilla/attachment.cgi?id=255. If you can't view that, the patch is attached.
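
A check for the symptom described in this report, as an added example that is not part of the original bug or of sudo's own code: it compares the numeric group list an `id` line reports inside the sudo session with the list the account should have. The function names are hypothetical; the two sample lines are the actual and expected results quoted in the report.

```shell
#!/bin/sh
# Added example: diff the groups an `id` line reports against the expected list.

# groups_of ID_LINE -> space-separated numeric gids from the groups= field
groups_of() {
    printf '%s\n' "$1" |
        sed -n -e 's/([^)]*)//g' -e 's/.*groups=\([0-9,]*\).*/\1/p' |
        tr ',' ' '
}

# in_list GID "GID GID ..." -> status 0 when GID is in the list
in_list() {
    for member in $2; do
        [ "$member" = "$1" ] && return 0
    done
    return 1
}

# group_diff EXPECTED_ID_LINE ACTUAL_ID_LINE
# Prints "extra:<gids> missing:<gids>"; status 1 when the lists differ.
group_diff() {
    want=$(groups_of "$1")
    have=$(groups_of "$2")
    extra=""
    missing=""
    for g in $have; do in_list "$g" "$want" || extra="$extra $g"; done
    for g in $want; do in_list "$g" "$have" || missing="$missing $g"; done
    echo "extra:${extra# } missing:${missing# }"
    [ -z "$extra$missing" ]
}

# The two lines quoted in this report. On a live host (assumption: the
# runas_default=oracle setup above) use "$(id oracle)" and "$(sudo -i id)".
expected='uid=502(oracle) gid=500(oinstall) groups=500(oinstall),501(dba)'
actual='uid=502(oracle) gid=500(oinstall) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)'
group_diff "$expected" "$actual" || echo "sudo session group list differs from the account's groups"
```

Any gid under `extra` is a group the session holds but the account was never granted; gid 0 in that list, as in this report, is the case to treat as urgent.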