trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.

sudo: `-u longusername` fails when effective group id cannot be resolved into a group name #771

Open japaric opened 12 months ago

japaric commented 12 months ago

relevant test

https://github.com/memorysafety/sudo-rs/blob/0b9207b67dbaf32cf05791c1e2d18cd910d3ffb7/test-framework/sudo-compliance-tests/src/sudo/misc.rs#L205-L225

useradd does not work with usernames longer than 32 characters. this issue is only observed with usernames longer than 32 characters, when editing /etc/passwd (instead of useradd) is used to create the user

japaric commented 12 months ago

the above test does not update /etc/groups, i.e. it does not assign a primary group to the new user. this makes the groups command fail:

```
root@a22ac8003931:/tmp# groups aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa : groups: cannot find name for group ID 1001
1001
root@a22ac8003931:/tmp# echo $?
1
```

I think sudo-rs is failing because it's trying to resolve the group ID into a group name whereas ogsudo is not while still being able to execute the complete pipeline.
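The condition described in this thread, a passwd entry whose primary GID has no group entry, can be checked for directly. The following is an added example, not part of the issue or of the sudo-rs code base; the function names, the UID and the file contents are constructed for illustration.

```rust
use std::collections::HashSet;

/// A passwd entry whose primary GID has no matching line in the group file.
#[derive(Debug, PartialEq)]
pub struct Dangling {
    pub user: String,
    pub gid: u32,
}

/// Collect the numeric GIDs defined in group-file content (name:passwd:gid:members).
fn defined_gids(group: &str) -> HashSet<u32> {
    group
        .lines()
        .filter_map(|l| l.split(':').nth(2)?.trim().parse::<u32>().ok())
        .collect()
}

/// Return every user in passwd-file content whose primary GID (4th field)
/// cannot be resolved to a group name.
pub fn dangling_primary_groups(passwd: &str, group: &str) -> Vec<Dangling> {
    let known = defined_gids(group);
    passwd
        .lines()
        .filter(|l| !l.trim().is_empty() && !l.starts_with('#'))
        .filter_map(|l| {
            let f: Vec<&str> = l.split(':').collect();
            let gid = f.get(3)?.parse::<u32>().ok()?;
            (!known.contains(&gid)).then(|| Dangling { user: f[0].to_string(), gid })
        })
        .collect()
}

// Constructed sample data mirroring the issue: a long all-'a' user name added
// by editing passwd directly, primary GID 1001, and no group entry for 1001.
// The UID and the other fields are assumptions, not values from the issue.
pub const PASSWD: &str = "root:x:0:0:root:/root:/bin/bash\n\
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:x:1001:1001::/home/a:/bin/sh\n";
pub const GROUP: &str = "root:x:0:\nsudo:x:27:\n";

fn main() {
    for d in dangling_primary_groups(PASSWD, GROUP) {
        println!("{}: no group name for GID {}", d.user, d.gid);
    }
}
```

A caller that only needs the numeric ID can treat a missing name as non-fatal and keep the GID, which is the behaviour the comment above attributes to the original sudo.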