Ubuntu
sudo package

Default /etc/sudoers file overwrites /etc/sudoers.d for 'admin' users

Bug #580801 reported by SAL-e
44
This bug affects 7 people
Affects Status Importance Assigned to Milestone
sudo
Opinion
Undecided
Unassigned
sudo (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: sudo

I was trying to make truecrypt to mount encrypted container without asking my user's password after I provided my truecrypt password and found out that I need to modify my 'sudo' configuration. After reading bit more about sudo configuration I found out that custom configuration should be placed in '/etc/sudoers.d' instead of modifying the default '/etc/sudoers' file. I found out that my custom setting did not worked any user who is member of the group 'admin', but worked find for any other user. I found that last line '%admin ALL=(ALL) ALL' in default '/etc/sudoers' file overwrites any setting set in '/etc/sudoers.d'. I fixed it by moving the '#includedir /etc/sudoers.d' to be the last line. I am attaching my patch. I think that this should be fixed in default configuration file because I believe this file will get overwritten during the next 'sudo' upgrade.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: sudo 1.7.2p1-1ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
Date: Fri May 14 20:05:14 2010
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: sudo
VisudoCheck: /etc/sudoers: parsed OK

Revision history for this message
SAL-e (sal-electronics) wrote :
Angel Abad (angelabad)
Changed in sudo (Ubuntu):
status: New → Confirmed
Revision history for this message
Lorenzo De Liso (blackz) wrote :

Can you please check if the problem is still present in the latest version of the package? If not, can you please rework your patch? Thanks.

Changed in sudo (Ubuntu):
status: Confirmed → Incomplete
tags: added: patch-needswork
tanvi (tanvi2606)
Changed in sudo:
status: New → Opinion
Revision history for this message
eraserix (eraserix) wrote :

Just for the record: This looks correct in oneiric, includedir as at the bottom of /etc/sudoers.

Revision history for this message
caludo (b-l-e-y) wrote :

This still happens for me on oneiric.

The #includedir directive *is* on the last line in /etc/sudoers, but the settings in the file /etc/sudoers.d/sometest are still overwritten by the rules /preceding/ it.

sudo -l gives:

Matching Defaults entries for paul on this host:
    env_reset

User paul may run the following commands on this host:
    (ALL) ALL
    (root) NOPASSWD: /sbin/mount

Trying to run "sudo /sbin/mount" still results in sudo asking for a password.

When I move the line from /etc/sudoers.d/sometest to the /etc/sudoers file it works.

Revision history for this message
Benjamin Drung (bdrung) wrote :

Thanks for reporting this bug. It should not have happened that your patch got unaddressed for so long.

I checked /etc/sudoers in Ubuntu 22.04 and it is correct there: the last line is "@includedir /etc/sudoers.d". So I mark this bug as fixed.

Changed in sudo (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.