[CentOS] sudo 1.6.9 versus sudo 1.7.2 behavioral differences with umask settings

Tom H tomh0665 at gmail.com
Fri Oct 8 01:59:17 UTC 2010


On Thu, Oct 7, 2010 at 9:48 PM, David Goldsmith <dgoldsmith at sans.org> wrote:
> On 10/7/2010 9:25 PM, Tom H wrote:
>> On Thu, Oct 7, 2010 at 7:20 PM, David Goldsmith <dgoldsmith at sans.org> wrote:
>>> Two servers, each have normal user umask values of 0077 and root umask
>>> values on 0022.
>>>
>>> On the first server (CentOS 5.4 i386) running sudo 1.6.9pl7-5 (from
>>> base), here are the results of touching a file as a user, as root and as
>>> a user sudoing to root:
>>>
>>> user: touch file        - result is 600
>>> root: touch file        - result is 644
>>> user: sudo touch file   - result is 644
>>>
>>> On the second server (CentOS x86-64) running sudo 1.7.2p1-7 (from
>>> updates), here are the results of the same actions:
>>>
>>> user: touch file        - result is 600
>>> root: touch file        - result is 644
>>> user: sudo touch file   - result is 600         ** this differs **
>>>
>>> On the second system, if I downgrade sudo to the base version, it
>>> behaves the same as on the first server, so this appears to be sudo
>>> version specific rather than an i386 vs x86-64 difference.
>>>
>>> Looking at the changelogs at the package home site, I don't see anything
>>> obvious that covers this change:
>>>
>>> http://www.courtesan.com/sudo/stable.html#1.7.0
>>> http://www.courtesan.com/sudo/stable.html#1.7.1
>>> http://www.courtesan.com/sudo/stable.html#1.7.2
>>>
>>> Does anyone know how to change the behavior with the umask values when
>>> using the newer version of sudo?
>>>
>>> This is causing us some issues when sudoing to update an SVN working
>>> directory used by our Puppet server.
>>
>> Check for a "umask" variable/line in the two installs' /etc/sudoers file.
>
> "grep -i mask /etc/sudoers" on both servers gets no hits.

Any differences in the env_keep, env_delete, env_check settings (if
they are used) in sudoers?



More information about the CentOS mailing list