On Thu, Oct 7, 2010 at 7:20 PM, David Goldsmith <dgoldsmith at sans.org> wrote:
> Two servers, each have normal user umask values of 0077 and root umask
> values of 0022.
>
> On the first server (CentOS 5.4 i386) running sudo 1.6.9pl7-5 (from
> base), here are the results of touching a file as a user, as root and as
> a user sudoing to root:
>
> user: touch file - result is 600
> root: touch file - result is 644
> user: sudo touch file - result is 644
>
> On the second server (CentOS x86-64) running sudo 1.7.2p1-7 (from
> updates), here are the results of the same actions:
>
> user: touch file - result is 600
> root: touch file - result is 644
> user: sudo touch file - result is 600 ** this differs **
>
> On the second system, if I downgrade sudo to the base version, it
> behaves the same as on the first server, so this appears to be sudo
> version specific rather than an i386 vs x86-64 difference.
>
> Looking at the changelogs at the package home site, I don't see anything
> obvious that covers this change:
>
> http://www.courtesan.com/sudo/stable.html#1.7.0
> http://www.courtesan.com/sudo/stable.html#1.7.1
> http://www.courtesan.com/sudo/stable.html#1.7.2
>
> Does anyone know how to change the behavior with the umask values when
> using the newer version of sudo?
>
> This is causing us some issues when sudoing to update an SVN working
> directory used by our Puppet server.

Check for a "umask" variable/line in the two installs' /etc/sudoers file.
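
An added example, not part of either message: shell functions that perform that check by reading the `umask` and `umask_override` Defaults from a sudoers file and computing the mode `touch` would produce. It assumes the rule in the sudoers manual that the command's umask is the union of the user's umask and the sudoers `umask` option (default 0022) unless `umask_override` is set; confirm both against `man sudoers` for the installed version. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumed rule, from the sudoers manual: command umask = user umask OR'ed
# with the sudoers "umask" option (default 0022), unless umask_override is set.

# Print the last "umask=" value set on a Defaults line, or 0022 if none.
sudoers_umask() {
    val=$(sed -n 's/^[[:space:]]*Defaults[^#]*[[:space:],]umask[[:space:]]*=[[:space:]]*\([0-7]\{1,4\}\).*/\1/p' "$1" | tail -n 1)
    echo "${val:-0022}"
}

# Print "yes" if a Defaults line enables umask_override, else "no".
sudoers_override() {
    if grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]umask_override' "$1"
    then echo yes; else echo no; fi
}

# effective_umask USER_UMASK SUDOERS_FILE
effective_umask() {
    s=$(sudoers_umask "$2")
    if [ "$(sudoers_override "$2")" = yes ]; then
        printf '%04o\n' "$(( 0$s ))"          # sudoers value used as-is
    else
        printf '%04o\n' "$(( 0$1 | 0$s ))"    # union: never lowers the umask
    fi
}

# Mode of a file created by touch (requested mode 0666) under a umask.
touch_mode() { printf '%03o\n' "$(( 0666 & ~0$1 ))"; }

# Write a constructed sample sudoers fragment to the given path.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from either server
Defaults    env_reset
# Defaults  umask=0000
Defaults    umask = 0022
EOF
}

f=$(mktemp) && make_sample "$f"
m=$(effective_umask 0077 "$f")
echo "sudoers umask=$(sudoers_umask "$f") override=$(sudoers_override "$f")"
echo "user umask 0077 -> command umask $m -> touch mode $(touch_mode "$m")"
rm -f "$f"
```

On a real host, run the functions as root against `/etc/sudoers` and any included files, since the file is normally not readable by ordinary users.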