Why did group lookup behavior change with sudo-1.8.6p3-20.el6_7 in Red Hat Enterprise Linux 6.7?

Solution Verified - Updated -

Issue

  • We have an environment with multiple Domains and are using an Active Directory group in /etc/sudoers to gain rights. The group exists in multiple domains and the group is specified in /etc/sudoers without the domain name.
  • Until the new Version of sudo (1.8.6p3-20) this was working fine. Since installing the new sudo version the group lookup behavior seems to have changed. In some domains the wrong group (different domain) is beeing used and the user is not able to gain root rights.
  • We solved this issue by adding the domain-name to the group, but it would still be interesting what exactly caused the change in behavior.

Environment

  • Red Hat Enterprise Linux 6.7
  • sudo-1.8.6p3-20.el6_7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.