Hi, I'm wondering about this too. I've looked into the postinst; it creates /var/lib/sudo, but it doesn't set any explicit permissions and instead just copies the old ones from /var/run/sudo:
> # handle state directory transition from /var/run/sudo to /var/lib/sudo,
> # moving any existing content over to avoid re-lecturing existing users
> if [ -d "/var/run/sudo" ];then
>     mkdir -p /var/lib/sudo
>     (cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -)
>     rm -rf /var/run/sudo
> fi

According to man sudoers, both 700 and 755 are wrong and it should be 711:

> unable to open /var/lib/sudo/ts/username
> sudoers was unable to read or create the user's time stamp file. This
> can happen when timestampowner is set to a user other than root and the
> mode on /var/lib/sudo is not searchable by group or other. The default
> mode for /var/lib/sudo is 0711.

When I delete /var/lib/sudo and then use sudo, it recreates the directory with 711. Seems to me like a bug in the postinst; I think it should just execute `chmod 711 /var/lib/sudo` whenever it runs.

-- 
Kind regards
Martin v. Wittich

IServ GmbH
Bültenweg 73
38106 Braunschweig

Phone: 0531-2243666-0
Fax: 0531-2243666-9
Email: [email protected]
Internet: iserv.eu

VAT ID: DE265149425 | Amtsgericht Braunschweig | HRB 201822
Managing Directors: Benjamin Heindl, Jörg Ludwig
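The fix suggested in the message above, sketched as an added example (it is not part of the original message or of the sudo package's postinst): the same migration, followed by a chmod to 0711 that runs on every invocation. The function names and the path parameters are assumptions, chosen so the logic can be tried on scratch directories instead of /var/run/sudo and /var/lib/sudo.

```shell
#!/bin/sh
# Added example, not the package's own maintainer script.
# migrate_state_dir and dir_mode are hypothetical helper names.

# Print the octal permission bits of a path (GNU stat, BSD stat as fallback).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Move the state from $1 (old location) to $2 (new location), then force
# mode 0711 on $2. The tar copy of "." carries the old directory's mode
# over, which is why the mode is set explicitly afterwards.
migrate_state_dir() {
    old=$1
    new=$2
    if [ -d "$old" ]; then
        mkdir -p "$new" || return 1
        (cd "$old" && tar cf - .) | (cd "$new" && tar xf -) || return 1
        rm -rf "$old"
    fi
    # Runs on every invocation, not only during the transition, so a
    # directory left at 700 or 755 by an earlier upgrade is repaired too.
    if [ -d "$new" ]; then
        chmod 0711 "$new"
    fi
}
```

In a postinst this would be called as `migrate_state_dir /var/run/sudo /var/lib/sudo`.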

