Closed (vlmarek closed 6 months ago)
Sorry, but it was never intended to work that way. Since sudo runs commands as root by default, you need to explicitly specify the user to run a command as a user other than root, even the current user. The previous behavior was a bug. The correct usage would be:
$ sudo -u luser bash -c 'id; ppriv $$'
However, I just discovered a different bug introduced in sudo 1.9.15 that prevents Solaris privs from being applied. That bug is fixed by de242c57388b1c7f319010708799153b930bfd55.
Thank you for the quick reply! I admit that the command line is not how someone would use sudo in real life. But if I understand correctly, you say that running just sudo to get elevated (Solaris) privileges is not supported. As an example:
$ id -a
uid=100(luser) gid=10(staff) groups=10(staff)
# Here sudo does not give me privileges:
$ sudo bash -c 'id; ppriv $$'
Password:
# But here specifying "-u luser" even though I am luser it does:
$ sudo -u luser bash -c 'id; ppriv $$'
uid=100(luser) gid=10(staff)
14538: ppriv 14538
flags = <none>
E: basic,dtrace_kernel,dtrace_proc,dtrace_user
I: basic,dtrace_kernel,dtrace_proc,dtrace_user
P: basic,dtrace_kernel,dtrace_proc,dtrace_user
L: basic,dtrace_kernel,dtrace_proc,dtrace_user
If that is so then I misunderstood it and I am sorry about it. And this bug can be closed. Or do you say this is what the second fix you have just done is about? I will retest it.
Many thanks! __ Vlad
Yes, that is correct. This command:
$ sudo bash -c 'id; ppriv $$'
is equivalent to:
$ sudo -u root bash -c 'id; ppriv $$'
So you need to run
sudo -u luser bash -c 'id; ppriv $$'
even if you are already luser.
Before https://github.com/sudo-project/sudo/commit/db704c22ec248c871907cfd966091a28332e1d0f.patch this works:
With the change noted above:
And neither works
I have to say I don't understand the code yet, but maybe it is something "obvious" for you?
Thank you __ Vlad