Description of problem:
sudo with runas_default=oracle gets wrong group list

Version-Release number of selected component (if applicable):
sudo-1.6.9p17-3.el5_3.1

How reproducible:
every time

Steps to Reproduce:
1. add these lines to /etc/sudoers
   Defaults always_set_home, runas_default=oracle
   to sudoers
   %dba ALL=(oracle) ALL
2. Create user ric, group dba
3. as ric, do sudo -i to become oracle.
4. After the sudo, do
   [oracle@uaz-hr-d02 ~]$ id

Actual results:
Id says the following - note dba is missing, and a bunch of system groups are present:
uid=502(oracle) gid=500(oinstall) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

Expected results:
Id should say
uid=502(oracle) gid=500(oinstall) groups=500(oinstall),501(dba)

Additional info:
Author (Todd Miller) has generated a bug fix for 1.6.9; the problem is already fixed in 1.7.1. See http://www.gratisoft.us/bugzilla/attachment.cgi?id=255. If you can't view that, the patch is attached.

Created attachment 341461
diff from author to fix bogus groups with runas_default

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0212.html
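
A regression check for the symptom in this report, as an added example that is not part of the bug thread or of the sudo patch: it compares the groups `id` shows in the target user's session with what the group database grants that user. The /etc/group excerpt and its member lists are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed /etc/group excerpt using the gids from the report; the member
# lists are assumptions (the report does not show this file).
SAMPLE_GROUP_FILE = """\
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
disk:x:6:root
wheel:x:10:root
oinstall:x:500:
dba:x:501:oracle,ric
"""
# The two `id` lines quoted in the report (actual and expected results).
REPORTED = "uid=502(oracle) gid=500(oinstall) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)"
EXPECTED = "uid=502(oracle) gid=500(oinstall) groups=500(oinstall),501(dba)"

def parse_id(line):
    """Parse `id` output into (user, primary gid, set of supplementary gids)."""
    m = re.match(r"uid=\d+\(([^)]+)\) gid=(\d+)\([^)]*\)(?: groups=(\S+))?", line.strip())
    if not m:
        raise ValueError("unrecognised id output: %r" % line)
    gids = {int(g.split("(")[0]) for g in (m.group(3) or "").split(",") if g}
    return m.group(1), int(m.group(2)), gids

def expected_gids(user, primary_gid, group_text):
    """Primary gid plus every group that lists the user as a member."""
    gids = {primary_gid}
    for entry in group_text.splitlines():
        fields = entry.split(":")
        if len(fields) == 4 and user in fields[3].split(","):
            gids.add(int(fields[2]))
    return gids

def check_runas_groups(id_line, group_text):
    """Return (missing, unexpected) gids for the target user's session."""
    user, gid, actual = parse_id(id_line)
    want = expected_gids(user, gid, group_text)
    return sorted(want - actual), sorted(actual - want)

if __name__ == "__main__":
    print("reported:", check_runas_groups(REPORTED, SAMPLE_GROUP_FILE))
    print("expected:", check_runas_groups(EXPECTED, SAMPLE_GROUP_FILE))
```

On a live host the inputs would be the output of `id` inside the sudo session and the contents of /etc/group; any entry in the second list is a group the session holds that the target user was never granted.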