#40644: sudo: fails to switch to other user than root
------------------------------+--------------------------------
  Reporter:  Peter.Danecek@…  |      Owner:  macports-tickets@…
      Type:  defect           |     Status:  new
  Priority:  Normal           |  Milestone:
 Component:  ports            |    Version:
Resolution:                   |   Keywords:
      Port:  sudo             |
------------------------------+--------------------------------

Comment (by raimue@…):

 I did some testing and the older version 1.7.7 did still work using the
 [browser:trunk/dports/sysutils/sudo/Portfile?rev=103947 Portfile version]
 before r103948. I guess upstream sudo 1.8 changed something that causes this
 to stop working now.

 Here is an excerpt from an analysis on sudo @1.8.8_1 using `sudo dtruss -f
 /opt/local/bin/sudo -u macports id` showing the failing `setuid` syscall:

 {{{
 57598/0x12e774: fork() = 0 0
 57598/0x12e774: thread_selfid(0x7FFF75C73180, 0x0, 0x1) = 1238900 0
 57598/0x12e774: getpid(0x320000003303, 0x330000003300, 0x7FFF75C62888) = 57598 0
 57598/0x12e774: close(0x3) = 0 0
 57598/0x12e774: close(0x4) = 0 0
 57598/0x12e774: close(0x5) = 0 0
 57598/0x12e774: fcntl(0x6, 0x2, 0x1) = 0 0
 57598/0x12e774: setgroups(0x3, 0x7FFBF0C21E80, 0x0) = 0 0
 57598/0x12e774: setgid(0x1F5, 0x0, 0x0) = 0 0
 57598/0x12e774: umask(0x3F, 0x0, 0x0) = 63 0
 57598/0x12e774: seteuid(0x1F6, 0x0, 0x0) = 0 0
 57598/0x12e774: setuid(0x1F6, 0x0, 0x0) = -1 Err#1
 57598/0x12e774: open("/opt/local/share/locale/en_US.UTF-8/LC_MESSAGES/sudo.mo\0", 0x0, 0x10D2AB3D0) = -1 Err#2
 57598/0x12e774: open("/opt/local/share/locale/en_US.utf8/LC_MESSAGES/sudo.mo\0", 0x0, 0x10D2AB3D0) = -1 Err#2
 57598/0x12e774: open("/opt/local/share/locale/en_US/LC_MESSAGES/sudo.mo\0", 0x0, 0x10D2AB3D0) = -1 Err#2
 57598/0x12e774: open("/opt/local/share/locale/en.UTF-8/LC_MESSAGES/sudo.mo\0", 0x0, 0x10D2AB3D0) = -1 Err#2
 57598/0x12e774: open("/opt/local/share/locale/en.utf8/LC_MESSAGES/sudo.mo\0", 0x0, 0x10D2AB3D0) = -1 Err#2
 57598/0x12e774: open("/opt/local/share/locale/en/LC_MESSAGES/sudo.mo\0", 0x0, 0x10D2AB3D0) = -1 Err#2
 57598/0x12e774: write_nocancel(0x2, "sudo: unable to change to runas uid (502, 502): Operation not permitted\n\0", 0x48) = 72 0
 ...
 }}}

 In sudo @1.7.7_0, only `setuid(502)` is called at this point without any
 `seteuid(502)` before.

 The full log files from my system are attached.

-- 
Ticket URL: <https://trac.macports.org/ticket/40644#comment:3>
MacPorts <http://www.macports.org/>
Ports system for OS X
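
An added example, not part of the ticket comment and not sudo or MacPorts code: a small Python parser for `dtruss` lines in the format of the excerpt above. It reports each failed credential-changing syscall together with the successful credential calls that preceded it in the same thread, so the 1.8.8 trace (`seteuid` then `setuid`) can be compared with a 1.7.7 trace (`setuid` only). The function names are hypothetical, and the sample lines are copied from the excerpt.

```python
import errno
import re
from typing import NamedTuple, Optional

# Sample input: lines copied from the dtruss excerpt in the ticket comment.
SAMPLE = """\
57598/0x12e774: setgroups(0x3, 0x7FFBF0C21E80, 0x0) = 0 0
57598/0x12e774: setgid(0x1F5, 0x0, 0x0) = 0 0
57598/0x12e774: umask(0x3F, 0x0, 0x0) = 63 0
57598/0x12e774: seteuid(0x1F6, 0x0, 0x0) = 0 0
57598/0x12e774: setuid(0x1F6, 0x0, 0x0) = -1 Err#1
57598/0x12e774: open("/opt/local/share/locale/en/LC_MESSAGES/sudo.mo\\0", 0x0, 0x10D2AB3D0) = -1 Err#2
"""

# PID/TID: name(args) = return errno, where errno is "0" or "Err#N".
LINE = re.compile(
    r"^\s*(?P<pid>\d+)/(?P<tid>0x[0-9a-fA-F]+):\s+(?P<name>\w+)\((?P<args>.*)\)"
    r"\s+=\s+(?P<ret>-?\w+)\s+(?:Err#(?P<err>\d+)|\d+)\s*$")
CRED_CALLS = {"setuid", "seteuid", "setreuid", "setgid", "setegid",
              "setregid", "setgroups"}

class Call(NamedTuple):
    pid: int
    tid: str
    name: str
    args: str
    ret: str
    err: Optional[str]  # symbolic errno name, None on success

def parse_dtruss(text):
    calls = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, "..." elisions, wrapped lines
        err = m["err"]
        if err is not None:
            err = errno.errorcode.get(int(err), "errno " + err)
        calls.append(Call(int(m["pid"]), m["tid"], m["name"], m["args"], m["ret"], err))
    return calls

def failed_cred_changes(calls):
    """Each failed credential call, with the successful ones before it (per thread)."""
    history, findings = {}, []
    for c in (c for c in calls if c.name in CRED_CALLS):
        arg = int(c.args.split(",")[0], 16)  # first argument: the uid/gid or count
        if c.err is None:
            history.setdefault((c.pid, c.tid), []).append((c.name, arg))
        else:
            findings.append((c.name, arg, c.err, list(history.get((c.pid, c.tid), []))))
    return findings
```
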