Bug 1321414 - Can we also install /var/db/sudo/lectured directory?
Summary: Can we also install /var/db/sudo/lectured directory?
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: sudo
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Daniel Kopeček
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-03-26 14:25 UTC by dac.override
Modified: 2016-06-24 14:38 UTC

Fixed In Version: sudo-1.8.17p1-1.fc25
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-24 14:38:24 UTC
Type: Bug


Description dac.override 2016-03-26 14:25:59 UTC
Description of problem:

/var/db/sudo is installed by the RPM package but /var/db/sudo/lectured is not.

This can cause issues when users are isolated (using role-based access control separation security model). If the directory is installed by the RPM then this problem does not exist.

If /var/db/sudo/lectured does not exist, then it gets created the first time sudo is run. The security attributes associated with this process (identity and role) get associated with /var/db/sudo/lectured. If isolation is enforced based on identities or roles, then other users that rely on sudo cannot access the existing /var/db/sudo/lectured location, and thus these users will indefinitely get "lectured".

By installing the /var/db/sudo/lectured directory, the system identity and role are associated with the location, and then all sudo instances will be able to access it and maintain objects in it.

Version-Release number of selected component (if applicable):
rawhide

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:


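A check for the condition described in this report, added here as an example (it is not part of the bug report or of the sudo package): it reads the SELinux context of the lecture directory and reports whether it carries the system identity or a login user's. It assumes the "system identity" is the SELinux user `system_u`; the function names and the `--audit` switch are made up for this example.

```sh
#!/bin/sh
# Added example, not code from the bug report or the sudo package.
# Assumption: the "system identity" is the SELinux user system_u.
# Constructed contexts to try with classify_ctx:
#   system_u:object_r:sudo_db_t:s0   staff_u:object_r:sudo_db_t:s0

# ctx_user CONTEXT: print the SELinux user, the first ':'-separated field.
ctx_user() {
    printf '%s\n' "${1%%:*}"
}

# classify_ctx CONTEXT: print a verdict and return 0 (ok), 1 (labelled with
# a login user's identity) or 2 (no usable SELinux context).
classify_ctx() {
    case "$1" in
        *:*:*) ;;
        *) echo unlabelled; return 2 ;;
    esac
    if [ "$(ctx_user "$1")" = "system_u" ]; then
        echo ok
        return 0
    fi
    echo user-labelled
    return 1
}

# audit_dir [PATH]: check the live directory. Returns 3 when it is missing,
# i.e. the first sudo run will create it with that caller's attributes.
audit_dir() {
    dir=${1:-/var/db/sudo/lectured}
    if [ ! -d "$dir" ]; then
        echo "$dir: missing, first sudo run will create and label it"
        return 3
    fi
    ctx=$(stat -c %C "$dir" 2>/dev/null) || ctx='?'
    verdict=$(classify_ctx "$ctx") && rc=0 || rc=$?
    pkg=$(rpm -qf "$dir" 2>/dev/null) || pkg='not owned by any package'
    echo "$dir: $verdict (context=$ctx, package=$pkg)"
    return "$rc"
}

# Touch the real system only when asked: sh lectured_audit.sh --audit
case "${1:-}" in
    --audit) shift; audit_dir "$@" ;;
esac
```

A `user-labelled` verdict together with "not owned by any package" is the state the report describes: the directory was created by whichever user ran sudo first rather than installed by the RPM.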