-
-
Notifications
You must be signed in to change notification settings - Fork 217
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default user changed without warning #290
Comments
Now, writing:
allows me to run any command as root without password, that is not good! I could change it to:
but that means that any user can run any command as |
Thanks for your report. A bug was introduced in sudo 1.9.14 where a line like:
can match if no user was explicitly specified on the command line (e.g. In the meantime, you should be able to work around the problem by changing the order of the sudoers rules. Since sudo takes the last match if the above rule is parsed before a rule like:
then the later rule will be the one that matches. |
… user. We should only match a rule with an empty runas user if a group was specified on the command line (sudo -g) without a user (no -u option) or the user specified their own name on the command line. GitHub issue #290
Thanks @millert for the quick answer! I moved the line for the
to the very end of the |
… user. We should only match a rule with an empty runas user if a group was specified on the command line (sudo -g) without a user (no -u option) or the user specified their own name on the command line. GitHub issue #290 --HG-- branch : 1.9
Closing this now that sudo 1.9.14p2 is out. |
Hi!
I recently upgraded from sudo 1.9.13.p3 to 1.9.14.p1 in my ArchLinux system, and the default user for sudo changed automatically from
root
to my regular userrodrigo
. That is when I runsudo -i
it used to start aroot
shell, now it starts arodrigo
shell, with is quite useless.The obvious workaround -after I panicked and though I had a rootkit and recovered, is to run
sudo -i -u root
.I've checked my customized configuration and it all comes down to this custom rule in my
sudoers.d
subdir:I changed it to:
and everything is back to normal. So no real harm done.
I'm opening this issue to the benefit of other that may encounter this. Is it a bug? A fix of a pre-existing bug? Or a subtle change in the intended behavior? I checked the change-logs and saw nothing about this.
The text was updated successfully, but these errors were encountered: