Implement umask_override
This commit is contained in:
Todd C. Miller
@@ -310,6 +310,10 @@ struct sudo_defs_types sudo_defs_table[] = {
|
||||
"fast_glob", T_FLAG,
|
||||
"Use faster globbing that is less accurate but does not access the filesystem",
|
||||
NULL,
|
||||
}, {
|
||||
"umask_override", T_FLAG,
|
||||
"The umask specified in sudoers will override the user's, even if it is more permissive",
|
||||
NULL,
|
||||
}, {
|
||||
NULL, 0, NULL
|
||||
}
|
||||
|
||||
@@ -142,6 +142,8 @@
|
||||
#define I_PWFEEDBACK 70
|
||||
#define def_fast_glob (sudo_defs_table[71].sd_un.flag)
|
||||
#define I_FAST_GLOB 71
|
||||
#define def_umask_override (sudo_defs_table[72].sd_un.flag)
|
||||
#define I_UMASK_OVERRIDE 72
|
||||
|
||||
enum def_tupple {
|
||||
never,
|
||||
|
||||
@@ -229,3 +229,6 @@ pwfeedback
|
||||
fast_glob
|
||||
T_FLAG
|
||||
"Use faster globbing that is less accurate but does not access the filesystem"
|
||||
umask_override
|
||||
T_FLAG
|
||||
"The umask specified in sudoers will override the user's, even if it is more permissive"
|
||||
|
||||
20
sudo.c
20
sudo.c
@@ -453,14 +453,19 @@ main(argc, argv, envp)
|
||||
exit(rc);
|
||||
|
||||
/*
|
||||
* Override user's umask if configured to do so.
|
||||
* If user's umask is more restrictive, OR in those bits too.
|
||||
* Set umask based on sudoers.
|
||||
* If user's umask is more restrictive, OR in those bits too
|
||||
* unless umask_override is set.
|
||||
*/
|
||||
if (def_umask != 0777) {
|
||||
mode_t mask = umask(def_umask);
|
||||
mask |= def_umask;
|
||||
if (mask != def_umask)
|
||||
umask(mask);
|
||||
if (def_umask_override) {
|
||||
umask(def_umask);
|
||||
} else {
|
||||
mode_t mask = umask(def_umask);
|
||||
mask |= def_umask;
|
||||
if (mask != def_umask)
|
||||
umask(mask);
|
||||
}
|
||||
}
|
||||
|
||||
/* Restore coredumpsize resource limit. */
|
||||
@@ -537,7 +542,8 @@ main(argc, argv, envp)
|
||||
NewArgv[0] = "sh";
|
||||
NewArgv[1] = safe_cmnd;
|
||||
execv(_PATH_BSHELL, NewArgv);
|
||||
} warning("unable to execute %s", safe_cmnd);
|
||||
}
|
||||
warning("unable to execute %s", safe_cmnd);
|
||||
exit(127);
|
||||
} else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) {
|
||||
audit_failure(NewArgv, "No user or host");
|
||||
|
||||
@@ -781,6 +781,15 @@ the user running it. With this flag enabled, B<sudo> will use a
|
||||
file named for the tty the user is logged in on in that directory.
|
||||
This flag is I<@tty_tickets@> by default.
|
||||
|
||||
=item umask_override
|
||||
|
||||
If set, B<sudo> will set the umask as specified by I<sudoers> without
|
||||
modification. This makes it possible to specify a more permissive
|
||||
umask in I<sudoers> than the user's own umask and matches historical
|
||||
behavior. If I<umask_override> is not set, B<sudo> will set the
|
||||
umask to be the union of the user's umask and what is specified in
|
||||
I<sudoers>. This flag is I<off> by default.
|
||||
|
||||
=item use_loginclass
|
||||
|
||||
If set, B<sudo> will apply the defaults specified for the target user's
|
||||
|
||||
Reference in New Issue
Block a user