Description of problem:
the sudo "wrapper" written for #849452 is very limited, is not failsafe, and most importantly is called "sudo" and is first in search path, so takes over sudo invocations.
This is a bad idea in so many ways.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. install devtoolset3
2. try to run "sudo -s" or "sudo -i"
$ sudo -s
/var/tmp/scl76ZTHd: line 8: -s: command not found
A root shell session
Others have hit this
$ rpm -qf /opt/rh/devtoolset-3/root/usr/bin/sudo
$ which sudo
The sudo wrapper is from devtoolset package not from scl-utils package, I will reassigning the bug, I hope devtoolset-meta is right component but feel free to reassign.
Certainly not solvable for DTS4.1.
Note this is basically a dup of https://bugzilla.redhat.com/show_bug.cgi?id=1054894
Well that's not readable even for this long-time fedora contributor, but I can imagine reasons you'd have a related embargoed bz.
MITM'ing sudo is a rather bad idea. I understand the desire to have sudo load SCL envvars -- I wrestle with that myself, often needing to write wrapper scripts -- it is not important enough to mess with sudo itself; perhaps that could be achieved with a dedicated command.
(In reply to Martin Langhoff from comment #5)
> Well that's not readable even for this long-time fedora contributor, but I
> can imagine reasons you'd have a related embargoed bz.
> MITM'ing sudo is a rather bad idea. I understand the desire to have sudo
> load SCL envvars -- I wrestle with that myself, often needing to write
> wrapper scripts -- it is not important enough to mess with sudo itself;
> perhaps that could be achieved with a dedicated command.
You're right about the SCL envvars. One possibility would be to teach the sudo wrapper how to parse the sudo arguments I think -- but that seems very fragile and I'm not sure how well would that work in practice. I'm very sorry that all I can offer at this point is to recommend to use /bin/sudo if you need to use sudo options :/.
sudo_plugin(8) in the sudo-devel package might be a consideration. It looks like the API (specifically check_policy) is sufficient for implementing preservation of SCL context in a sudo plugin.
I am seeing this in devtoolset-7's sudo/ sudo -i doesn't work.
Please use /bin/sudo meanwhile.
I am seeing this while using devtoolset-6 on RH 7.5. It breaks ansible.
*** Bug 1635961 has been marked as a duplicate of this bug. ***