Jonathan Nieder 02-08-2011 10:56 PM

sudo: prompts despite unmodified /etc/sudoers on upgrade
 
Bdale Garbee wrote:

> The version of sudo in sid/experimental has switched to treating the
> sudoers file as a standard Debian "conffile" instead of the former
> ad-hoc approach to managing the file.
>
> Given that there's no way for the sudo package to know what changes you
> might have made to the existing sudoers file, I see no viable option
> other than the prompting.

Cc-ing debian-dpkg for help.

An ideal solution would involve telling dpkg about the md5sum for the
previously shipped version somehow, but I'm not aware of any
interface for that.

Thanks for the explanation.
Jonathan


--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20110208235631.GA23354@elie

Raphael Hertzog 02-09-2011 06:11 AM

Hi,

On Tue, 08 Feb 2011, Jonathan Nieder wrote:
> Bdale Garbee wrote:
> > The version of sudo in sid/experimental has switched to treating the
> > sudoers file as a standard Debian "conffile" instead of the former
> > ad-hoc approach to managing the file.

That's already the case for the version in unstable...

> > Given that there's no way for the sudo package to know what changes you
> > might have made to the existing sudoers file, I see no viable option
> > other than the prompting.

The point is precisely to deal with the case when the user has not made
any change. And for this you would have to move /etc/sudoers aside in
"preinst upgrade" if it matches the md5sum of an unmodified file.

And move it back in "postrm abort-upgrade" in case the upgrade is
interrupted. And drop the renamed file in "postinst configure" if the
upgrade went well and the new conffile got installed.

> An ideal solution would involve telling dpkg about the md5sum for the
> previously shipped version somehow, but I'm not aware of any
> interface for that.

There's no such interface currently.

But dealing with the scenario above could be a new feature of
dpkg-maintscript-helper.

Jonathan, do you feel like implementing this? :)

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
▶ http://RaphaelHertzog.fr (Français)


Archive: http://lists.debian.org/20110209071153.GA25299@rivendell.home.ouaza.com
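
The three maintainer-script steps described in the message above, as an added shell example that is not code from the sudo package, from dpkg or from anyone in this thread. Its demo shows the window in which no sudoers file exists between the move in "preinst upgrade" and the unpack of the new conffile. The function names, the `.moved-aside` suffix and the sample sudoers line are assumptions, and the demo only touches a scratch file.

```shell
#!/bin/sh
# Added illustration, not code from the sudo package or from dpkg.
# Function names and the ".moved-aside" suffix are assumptions.

# "preinst upgrade": move the conffile aside only when it still matches the
# checksum of the version the old package shipped (no local changes).
preinst_upgrade() {
    conffile=$1; shipped_md5=$2
    [ -e "$conffile" ] || return 0
    current_md5=$(md5sum "$conffile" | cut -d' ' -f1)
    if [ "$current_md5" = "$shipped_md5" ]; then
        mv -f "$conffile" "$conffile.moved-aside"
    fi
}

# "postrm abort-upgrade": the upgrade failed, so put the old file back
# unless a file is already in place.
postrm_abort_upgrade() {
    conffile=$1
    if [ -e "$conffile.moved-aside" ] && [ ! -e "$conffile" ]; then
        mv "$conffile.moved-aside" "$conffile"
    fi
}

# "postinst configure": drop the backup once the new conffile is installed.
# Restoring it when the new file is missing is a defensive addition.
postinst_configure() {
    conffile=$1
    [ -e "$conffile.moved-aside" ] || return 0
    if [ -e "$conffile" ]; then
        rm -f "$conffile.moved-aside"
    else
        mv "$conffile.moved-aside" "$conffile"
    fi
}

# Constructed demo on a scratch file (never touches the real /etc/sudoers).
demo() {
    dir=$(mktemp -d) && f="$dir/sudoers"
    printf 'root ALL=(ALL) ALL\n' > "$f"
    shipped=$(md5sum "$f" | cut -d' ' -f1)
    preinst_upgrade "$f" "$shipped"            # unmodified: moved aside
    [ ! -e "$f" ] && echo "window: no sudoers file until unpack"
    postrm_abort_upgrade "$f"                  # simulated failure: restored
    [ -e "$f" ] && echo "restored after abort-upgrade"
    rm -rf "$dir"
}
demo
```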

Jonathan Nieder 02-09-2011 08:25 AM

Raphael Hertzog wrote:

> The point is precisely to deal with the case when the user has not made
> any change. And for this you would have to move /etc/sudoers aside in
> "preinst upgrade" if it matches the md5sum of an unmodified file.

Thanks, Raphaël. The main problem with this solution is that it makes
it hard to recover in the case of an interrupted upgrade (think "power
failure"). I don't think it makes sense to force the admin to reboot
in single user mode in such cases if it is avoidable.

> But dealing with the scenario above could be a new feature of
> dpkg-maintscript-helper.
>
> Jonathan, do you feel like implementing this? :)

I'll look into what needs to happen in dpkg proper.

Bdale, if nothing happens in that front soon, the simplest workaround
might be to teach sudo to use ucf. Not a dependency I like, but so it
goes. Would you be interested in a patch doing that?


Archive: http://lists.debian.org/20110209092522.GB3350@elie

Sven Joachim 02-09-2011 08:51 AM

On 2011-02-09 10:25 +0100, Jonathan Nieder wrote:

> Raphael Hertzog wrote:
>
>> The point is precisely to deal with the case when the user has not made
>> any change. And for this you would have to move /etc/sudoers aside in
>> "preinst upgrade" if it matches the md5sum of an unmodified file.
>
> Thanks, Raphaël. The main problem with this solution is that it makes
> it hard to recover in the case of an interrupted upgrade (think "power
> failure"). I don't think it makes sense to force the admin to reboot
> in single user mode in such cases if it is avoidable.
>
>> But dealing with the scenario above could be a new feature of
>> dpkg-maintscript-helper.
>>
>> Jonathan, do you feel like implementing this? :)
>
> I'll look into what needs to happen in dpkg proper.
>
> Bdale, if nothing happens in that front soon, the simplest workaround
> might be to teach sudo to use ucf. Not a dependency I like, but so it
> goes. Would you be interested in a patch doing that?

Before anyone delves into this, have a look at bug #605130 which is
exactly the problem that was solved by making /etc/sudoers a conffile.

Cheers,
Sven


Archive: http://lists.debian.org/87lj1ph6xp.fsf@turtle.gmx.de

Jonathan Nieder 02-09-2011 09:25 AM

Sven Joachim wrote:

> Before anyone delves into this, have a look at bug #605130 which is
> exactly the problem that was solved by making /etc/sudoers a conffile.

Yes, sudoers is co-owned between sudo and sudo-ldap and needs to be
removed when both are purged.

I think ucf can handle that. When sudo-ldap or sudo (they conflict
with one another) is installed, it can take ownership of the file using
"ucfr --force".

Am I missing something?


Archive: http://lists.debian.org/20110209102551.GA3845@elie

Sven Joachim 02-09-2011 10:55 AM

On 2011-02-09 11:25 +0100, Jonathan Nieder wrote:

> Sven Joachim wrote:
>
>> Before anyone delves into this, have a look at bug #605130 which is
>> exactly the problem that was solved by making /etc/sudoers a conffile.
>
> Yes, sudoers is co-owned between sudo and sudo-ldap and needs to be
> removed when both are purged.
>
> I think ucf can handle that. When sudo-ldap or sudo (they conflict
> with one another) is installed, it can take ownership of the file using
> "ucfr --force".
>
> Am I missing something?

You still need to remove the file yourself on purge, ucf does not do
that for you. How are you going to do that?

Cheers,
Sven


Archive: http://lists.debian.org/874o8dh168.fsf@turtle.gmx.de

