FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian dpkg

 
 
LinkBack Thread Tools
 
Old 02-08-2011, 10:56 PM
Jonathan Nieder
 
Default sudo: prompts despite unmodified /etc/sudoers on upgrade

Bdale Garbee wrote:

> The version of sudo in sid/experimental has switched to treating the
> sudoers file as a standard Debian "conffile" instead of the former
> ad-hoc approach to managing the file.
>
> Given that there's no way for the sudo package to know what changes you
> might have made to the existing sudoers file, I see no viable option
> other than the prompting.

Cc-ing debian-dpkg for help.

An ideal solution would involve telling dpkg about the md5sum for the
previously shipped version somehow, but I'm not aware of any
interface for that.

Thanks for the explanation.
Jonathan


--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110208235631.GA23354@elie">http://lists.debian.org/20110208235631.GA23354@elie
 
Old 02-09-2011, 06:11 AM
Raphael Hertzog
 
Default sudo: prompts despite unmodified /etc/sudoers on upgrade

Hi,

On Tue, 08 Feb 2011, Jonathan Nieder wrote:
> Bdale Garbee wrote:
> > The version of sudo in sid/experimental has switched to treating the
> > sudoers file as a standard Debian "conffile" instead of the former
> > ad-hoc approach to managing the file.

That's already the case for the version in unstable...

> > Given that there's no way for the sudo package to know what changes you
> > might have made to the existing sudoers file, I see no viable option
> > other than the prompting.

The point is precisely to deal with the case when the user has not made
any change. And for this you would have to move /etc/sudoers aside in
"preinst upgrade" if it matches the md5sum of an unmodified file.

And move it back in "postrm abort-upgrade" in case the upgrade is
interrupted. And drop the renamed file in "postinst configure" if the
upgrade went well and the new conffile got installed.

> An ideal solution would involve telling dpkg about the md5sum for the
> previously shipped version somehow, but I'm not aware of any
> interface for that.

There's no such interface currently.

But dealing with the scenario above could be a new feature of
dpkg-maintscript-helper.

Jonathan, do you feel like implementing this?

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Follow my Debian News ▶ http://RaphaelHertzog.com (English)
▶ http://RaphaelHertzog.fr (Français)


--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110209071153.GA25299@rivendell.home.ouaza.com">h ttp://lists.debian.org/20110209071153.GA25299@rivendell.home.ouaza.com
 
Old 02-09-2011, 08:25 AM
Jonathan Nieder
 
Default sudo: prompts despite unmodified /etc/sudoers on upgrade

Raphael Hertzog wrote:

> The point is precisely to deal with the case when the user has not made
> any change. And for this you would have to move /etc/sudoers aside in
> "preinst upgrade" if it matches the md5sum of an unmodified file.

Thanks, Raphal. The main problem with this solution is that it makes
it hard to recover in the case of an interrupted upgrade (think "power
failure"). I don't think it makes sense to force the admin to reboot
in single user mode in such cases if it is avoidable.

> But dealing with the scenario above could be a new feature of
> dpkg-maintscript-helper.
>
> Jonathan, do you feel like implementing this?

I'll look into what needs to happen in dpkg proper.

Bdale, if nothing happens in that front soon, the simplest workaround
might be to teach sudo to use ucf. Not a dependency I like, but so it
goes. Would you be interested in a patch doing that?


--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110209092522.GB3350@elie">http://lists.debian.org/20110209092522.GB3350@elie
 
Old 02-09-2011, 08:51 AM
Sven Joachim
 
Default sudo: prompts despite unmodified /etc/sudoers on upgrade

On 2011-02-09 10:25 +0100, Jonathan Nieder wrote:

> Raphael Hertzog wrote:
>
>> The point is precisely to deal with the case when the user has not made
>> any change. And for this you would have to move /etc/sudoers aside in
>> "preinst upgrade" if it matches the md5sum of an unmodified file.
>
> Thanks, Raphal. The main problem with this solution is that it makes
> it hard to recover in the case of an interrupted upgrade (think "power
> failure"). I don't think it makes sense to force the admin to reboot
> in single user mode in such cases if it is avoidable.
>
>> But dealing with the scenario above could be a new feature of
>> dpkg-maintscript-helper.
>>
>> Jonathan, do you feel like implementing this?
>
> I'll look into what needs to happen in dpkg proper.
>
> Bdale, if nothing happens in that front soon, the simplest workaround
> might be to teach sudo to use ucf. Not a dependency I like, but so it
> goes. Would you be interested in a patch doing that?

Before anyone delves into this, have a look at bug #605130 which is
exactly the problem that was solved by making /etc/sudoers a conffile.

Cheers,
Sven


--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87lj1ph6xp.fsf@turtle.gmx.de">http://lists.debian.org/87lj1ph6xp.fsf@turtle.gmx.de
 
Old 02-09-2011, 09:25 AM
Jonathan Nieder
 
Default sudo: prompts despite unmodified /etc/sudoers on upgrade

Sven Joachim wrote:

> Before anyone delves into this, have a look at bug #605130 which is
> exactly the problem that was solved by making /etc/sudoers a conffile.

Yes, sudoers is co-owned between sudo and sudo-ldap and needs to be
removed when both are purged.

I think ucf can handle that. When sudo-ldap or sudo (they conflict
with one other) is installed, it can take ownership of the file using
"ucfr --force".

Am I missing something?


--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110209102551.GA3845@elie">http://lists.debian.org/20110209102551.GA3845@elie
 
Old 02-09-2011, 10:55 AM
Sven Joachim
 
Default sudo: prompts despite unmodified /etc/sudoers on upgrade

On 2011-02-09 11:25 +0100, Jonathan Nieder wrote:

> Sven Joachim wrote:
>
>> Before anyone delves into this, have a look at bug #605130 which is
>> exactly the problem that was solved by making /etc/sudoers a conffile.
>
> Yes, sudoers is co-owned between sudo and sudo-ldap and needs to be
> removed when both are purged.
>
> I think ucf can handle that. When sudo-ldap or sudo (they conflict
> with one other) is installed, it can take ownership of the file using
> "ucfr --force".
>
> Am I missing something?

You still need to remove the file yourself on purge, ucf does not do
that for you. How are you going to do that?

Cheers,
Sven


--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 874o8dh168.fsf@turtle.gmx.de">http://lists.debian.org/874o8dh168.fsf@turtle.gmx.de
 

Thread Tools




All times are GMT. The time now is 05:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org