The latest sudo picked up from up2date today (3/14/2001) causes "htpasswd -b" to empty the existing .htaccess file when called from a CGI perl script. "rpm -e sudo" is a workaround. I suspect the problem lies with the htaccess file being owned by root and the httpd server running as nobody, but this behavior still shouldn't occur. There are no error messages in the error_log for httpd, nor in /var/log/messages.
There is nothing whatsoever sudo does to the system... sudo doesn't even touch any of the files used by apache. Either htpasswd is badly broken, or your script is. Assigning to apache to verify if htpasswd might be the problem.
From a very quick look at the htpasswd source (basically grepping it for sudo), I'd say your script is doing something odd.
Script was working perfectly before up2date run, where only sudo was selected and upgraded. Script worked perfectly after "rpm -e sudo" run. I would suggest that htpasswd uses sudo when called through apache CGI, although chronic laziness precludes me digging through the source. I'll get the script from the perl developer and attach it in a later message.
Thanks for the report. This is a mass bug update; since this release of Red Hat Linux is no longer supported, please either: a) try and reproduce the bug with a supported version of Red Hat Enterprise Linux or Fedora Core, and re-open this bug as appropriate after changing the Product field, or, b) if relevant, try and reproduce this bug using the current version of the upstream package, and report the bug upstream.