Why won't sudo recognize my group, in a fresh login after using groupadd?

Our DigitalOcean CentOS comes with a borked sudo implementation. It's the following script, note well line #2:

$ nl $(which sudo) 
     1  #! /bin/sh
     2  # TODO: parse & pass-through sudo options from $@
     3  sudo_options="-E"

     4  for arg in "$@"
     5  do
     6     case "$arg" in
     7      *\'*)
     8        arg= ;;
     9     esac
    10     cmd_options="$cmd_options '$arg'" 
    11  done
    12  exec /usr/bin/sudo $sudo_options \
LD_LIBRARY_PATH=$LD_LIBRARY_PATH PATH=$PATH \
scl enable devtoolset-7 "$cmd_options"

Having fixed that script to pass through sudo options, I'm unable to invoke an executable as a group. My script ends with:

exec /usr/bin/sudo -g foo LD_LIBRARY_PATH=[...] /lib PATH=[...] \
scl enable devtoolset-7 install -o jim -g foo -m 2755 [files...]
sudo: unknown group: 'foo'
sudo: unable to initialize policy plugin

But the group is defined:

$ grep foo /etc/group
foo:x:1004:

and I am in the group:

$ id
uid=1003(jim) gid=1003(jim) groups=1003(jim),10(wheel),1004(foo) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

In case it matters:

$ cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core)
slm
James K. Lowden
  • The official tutorials shown here - https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos show a different method for adding groups. – slm Jul 30 '18 at 20:33
  • No, that tutorial doesn't show how to add a group. It describes how to configure sudo. I'm in the wheel group, and sudo is configured to let wheel do anything. If groupadd doesn't add groups, what does? – James K. Lowden Jul 30 '18 at 21:16
  • My mistake, it shows the addition of adding a user to an existing group. – slm Jul 31 '18 at 01:07
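
An added example, not part of the original question or of the wrapper it quotes: the quoting from line 10 of the wrapper, put through two different expansions to show when the single quotes survive as literal characters. The function names are hypothetical, and any connection to the `unknown group: 'foo'` message is an assumption, since the fixed script is not shown on the page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the wrapper.

# Quote arguments the way lines 4-11 of the wrapper do.
build_cmd_options() {
    cmd_options=""
    for arg in "$@"; do
        case "$arg" in
            *\'*) arg= ;;   # the wrapper blanks any argument containing '
        esac
        cmd_options="$cmd_options '$arg'"
    done
    printf '%s' "$cmd_options"
}

# Second word after plain word splitting: what a program sees in argv when
# the string is expanded unquoted. Quote characters stay in the word.
second_word_unquoted() {
    set -f              # no globbing while splitting
    set -- $1
    set +f
    printf '%s' "$2"
}

# Second word after a shell parses the string again, as happens to a command
# string handed to another shell. Quote removal strips the quotes.
second_word_reparsed() {
    sh -c "set -- $1; printf '%s' \"\$2\""
}

opts=$(build_cmd_options -g foo)     # constructed sample input
printf 'string:    [%s]\n' "$opts"
printf 'unquoted:  [%s]\n' "$(second_word_unquoted "$opts")"
printf 'reparsed:  [%s]\n' "$(second_word_reparsed "$opts")"
```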
