user prompted for sudo changes on upgrade in ec2/uec image
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Release Notes for Ubuntu |
Won't Fix
|
Undecided
|
Unassigned | ||
sudo (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Natty |
Fix Released
|
Medium
|
Unassigned | ||
Oneiric |
Fix Released
|
Medium
|
Ubuntu Foundations Team |
Bug Description
Binary package hint: sudo
This is a much less sever bug than bug 761689.
Instead of *not* being prompted, and being permanently locked out of sudo, the user is shown a prompt asking what to do about hte differences in sudo configuration, and suggesting they use sudo.d.
In the limited case of EC2/UEC images, we can recognize that they're using an unmodified sudo file and appropriately write a sudo.d entry for them.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: sudo 1.7.4p4-5ubuntu7
ProcVersionSign
Uname: Linux 2.6.38-8-virtual i686
Architecture: i386
Date: Thu Apr 21 21:51:09 2011
Ec2AMI: ami-a6f504cf
Ec2AMIManifest: ubuntu-
Ec2Availability
Ec2InstanceType: m1.small
Ec2Kernel: aki-407d9529
Ec2Ramdisk: unavailable
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sudo
UpgradeStatus: Upgraded to natty on 2011-04-21 (0 days ago)
== natty release note ==
When upgrading a UEC Image to 11.04 on EC2 or UEC, the user will be prompted regarding changes to local file /etc/sudoers. Selecting "Accept the maintainer's version" will result in the 'ubuntu' user losing access to sudo. Instead, select the default response "keep your currently-installed version" (N).
== SRU Information ==
* Impact: This bug affects upgrade from 10.10 to 11.04 on the "UEC Images" only. UEC Images come with a 'ubuntu' user pre-configured with passwordless sudo access. Upon upgrade of sudo, if the user selects "Accept the Maintainer's version" of the sudoers file, then they will lose sudo access entirely.
* How Bug is addressed: The bug is fixed by modifying the pre-install script of sudo to recognize the particular md5sum of /etc/sudoers that exists in UEC images. If that md5sum is found, then the stock /etc/sudoers file is laid down, and the 'ubuntu user' specific sudoers stanza is written to /etc/sudoers.
* Patch: The changes for this fix are available at http://
* Regression Potential: The regression potential here should be *very* low. The only time where different codepath will be taken is if /etc/sudoers has a known md5sum.
* TEST CASE:
* Launch an EC2 instance of 10.10.
* ssh in as 'ubuntu@host'
* enable -proposed
* sudo apt-get update
* sudo do-release-upgrade
* The user will not be prompted for merge of /etc/sudoers
* After upgrade, user still has passwordless sudo access.
* Note: if the fix was not availale (ie, proposed not enabled) then the user will be prompted for merge of /etc/sudoers.
Related branches
- Michael Vogt (community): Approve
- Dave Walker (community): Needs Information
- Ubuntu branches: Pending requested
-
Diff: 52 lines (+26/-1)2 files modifieddebian/changelog (+8/-0)
debian/sudo.preinst (+18/-1)
tags: | added: server-nrs |
Changed in sudo (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in sudo (Ubuntu Oneiric): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in sudo (Ubuntu Oneiric): | |
assignee: | nobody → Ubuntu Foundations Team (ubuntu-foundations-team) |
description: | updated |
description: | updated |
Michael,
I would appreciate your thoughts on this bug.