I have a rust executable that attempts to subprocess and give ownership of a directory away via sudo chown. The executable is owned by a service account (jobsys) and has its suid bit set.
In my sudoers file, i have it set up for password-less usage for jobsys. eg
jobsys ALL=(ALL) NOPASSWD: ALL
However, when I call the program, I am prompted for a password. I have confirmed that the euid is correct in the subprocess, as i print it out prior to calling sudo chown.
And if I su to jobsys and call the program directly, I am not prompted for a password so I know that the sudoers file is set up correctly.
Furthermore, this is a reimplementation of a program written in python (and wrapped in c) which worked well (albeit slowly… not this part) enough. However, I thought i would port this to rust…
So the question is whether there is some potential bug in std::subprocess (like not paying attention to euid) or if I am making some sort of incorrect assumption…