Sudoers snapd.conf will be ignored

Bug #1882215 reported by Frank Quinn on 2020-06-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Medium
Maciej Borzecki

Bug Description

There is a sudoers configuration file in an ubuntu 20.04 install of snapd:

root@locutus:/etc/sudoers.d# dpkg -S /etc/sudoers.d/99-snapd.conf
snapd: /etc/sudoers.d/99-snapd.conf

Which contains:

# Allow snap-provided applications to work with sudo

Defaults secure_path += /snap/bin

However I don't believe this file gets parsed. I tried to create my own similar file 01-xxxx.conf alongside it for entirely unrelated reasons assuming the file name was consistent and it didn't work. On closer inspection it looks like sudo ignores any included files containing a period.

https://stackoverflow.com/questions/21640770/file-in-etc-sudoers-d-file-not-being-read-by-sudo/21640893

I don't really use snap in my environment so don't know if there's any impact to the above, but thought I'd be a good citizen and report.

And on top of that, secure_path cannot be overwritten or appended to. We stopped shipping the file on Fedora and Arch. It should be dropped from the deb too.

Changed in snapd:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Maciej Borzecki (maciek-borzecki)

I've proposed a PR removing the file from snapd https://github.com/snapcore/snapd/pull/8885

Changed in snapd:
status: Confirmed → In Progress
Changed in snapd:
status: In Progress → Fix Committed
Zygmunt Krynicki (zyga) on 2020-06-23
Changed in snapd:
milestone: none → 2.46
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers