Description of problem: When checking if a user is a member of a group, sudo opens the group's entry using getgrnam() and scans the member list. Depending on which nsswitch modules are in use, this may or may not be enough, so it needs to fall back on getgrouplist(). Version-Release number of selected component (if applicable): 1.6.8p12 How reproducible: Always Steps to Reproduce: 1. Grant a user access by virtue of being in a group. 2. Define that group using hesiod, or in both /etc/group and anywhere else. The second option is a *terrible* idea, but it happens. Actual results: The user will only be granted access if user is listed in the first location where the group's entry can be found, contradicting the "groups" command. Expected results: User gets access.
Created attachment 152173 [details] use getgrouplist() if all else fails
thnx. Nalin, it's fixed in sudo-1.6.8p12-14.fc7
Hello, I see that fedora package has a patch for this. Is it planned to submit this patch upstream, or has it already been done ?