On Fri, Nov 17, 2023 at 10:50:19AM -0500, Greg Troxel wrote:
> My system is netbsd-10. It was installed around 2003 and has been
> updated since then, both to each NetBSD stable branch, and to new disks
> usually via dump/restore and sometimes rsync. Other than the problem I
> am describing in this message, occasional hangs that I blame on ZFS, and
> X display glitches, it is working well.
>
> I have logged in to ttyE0, and ran "xinit .xsession" which starts xfce4
> and I am in an xterm with tmux.
>
> I had recently noticed that my system did not have /dev/pts, so I grabbed
> the line from /etc/fstab on a more recenntly-installed system. I then
> removed the /dev/ttyp* type entries. This messed up tmux but logging
> out and starting fresh was ok, and this was not surprising. Now the
> system is apparently ok execpt for sudo/pkgsrc.
>
> I have for a long time had in mk.conf:
>
> SU_CMD=sudo /bin/sh -c
>
> and "make replace" has invoked sudo, with sudo respecting the
> don't-ask-for-password timer as documented. Recently this stopped
> working.
>
> After a lot of investigating including writing a quick read/printf
> program to examine the sudo timestamp files, the problem appears to be
> that the timestamp records are "TS_PPID" rather than "TS_TTY". The
> parent is something deep in make, and thus different every time. So
> this is not really a pkgsrc issue.
>
> I have added:
> Defaults timestamp_type=tty
>
>
> Has anyone else seen sudo refusing to use tty as a timestamp type?
>
>
> sudoers(5) excerpt:
>
> timestamp_type sudoers uses per-user time stamp files for credential
> caching. The timestamp_type option can be used to
> specify the type of time stamp record used. It has the
> following possible values:
>
> global A single time stamp record is used for all of a
> user's login sessions, regardless of the
> terminal or parent process ID. An additional
> record is used to serialize password prompts
> when sudo is used multiple times in a pipeline,
> but this does not affect authentication.
>
> ppid A single time stamp record is used for all
> processes with the same parent process ID
> (usually the shell). Commands run from the
> same shell (or other common parent process)
> will not require a password for
> timestamp_timeout minutes (5 by default).
> Commands run via sudo with a different parent
> process ID, for example from a shell script,
> will be authenticated separately.
>
> tty One time stamp record is used for each
> terminal, which means that a user's login
> sessions are authenticated separately. If no
> terminal is present, the behavior is the same
> as ppid. Commands run from the same terminal
> will not require a password for
> timestamp_timeout minutes (5 by default).
FWIW: In the "tty" entry there is: "If no terminal is present, the behavior
is the same ass ppid." Could it be that the tmux instances are not
recognized as terminal / tty anymore ?
In doc/CHANGES:
tmux(1): Import version 3.3a [wiz 20230628]
--
Thierry Laronde <tlaronde +AT+ kergis +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
