[karmic] sudoers corrupted - all root xs lost

Reported by rene7705 on 2010-01-08
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu
Undecided
Unassigned

Bug Description

Ok, i made a mistake by entering a faulty line into /etc/sudoers
And before that another one by forgetting my root passwd

However, i did not expect sudo to stop working completely when it has 1 bad line in /etc/sudoers

I also did not expect that every tutorial on how to reset your root passwd just doesn't work for me.

Rebooting into recovery mode gets me a root prompt that is unable to use passwd.
Something about failure to update the token, file-system read-only.
But mount reports that it's in rw. strange.

Holding shift while selecting recovery mode in grub (which is a STUPID way to get to an extra menu btw) gets me a menu that i'm unable to navigate with the cursor keys. After a few seconds, it nags about not being able to mount file-systems, then continues booting to a login-prompt, which is of course useless to me at this moment.

FFS, go fix this huge bug, starting at /etc/sudoers.

rene@ekster:~$ uname -a
Linux ekster 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux

rene7705 (rene7705) wrote :

Ok, i was able to solve the problem like so:

- boot off ubuntu karmic live CD
- goto Applications | Accessoires | Terminal
- enter these commands:
sudo fdisk -l
  (then note which /dev/xxxx entry is your now-faulty root filesystem)

sudo mkdir /media/x
sudo mount /dev/xxxx /media/x
sudo apt-get install vim
sudo vim /media/x/sudoers

Still, the original report stands. It could've been a lot easier to solve if sudo isn't quite so paranoid.

rene7705 (rene7705) wrote :

Also, the line in my sudoers that caused loss of my root-xs was:

%www-data (ALL)=(ALL) (ALL)

it's a valid group-name / user-name. why does sudo puke on it in the first place???

rene7705 (rene7705) wrote :

hmm, this works fine:

www-data ALL=(ALL) NOPASSWD:ALL

Marc Deslauriers (mdeslaur) wrote :

Thanks for opening this bug.

You should edit the sudoers file with the "visudo" command. That way, a parsing error won't lock yourself out.

Closing this bug as per your last comment.

security vulnerability: yes → no
visibility: private → public
Changed in ubuntu:
status: New → Invalid
rene7705 (rene7705) wrote :

Hmm.. i admit, i should've read the comments in the file i was editing.

But just a suggestion; you could have sudo keep a backup copy of the last known good for /etc/sudoers.
If it detects a corrupt /etc/sudoers, it tells you it's using the backup (and it's location).

That way, i as an app coder can focus on app coding instead of having to read the entire comments for every OS config file i need to edit, hoping to spot that comment that is going to save me from creating fatal errors by beginner mistake.
Serverconfig-ing is not my hobby, and it negatively affects my net income.

The way it is now is very user-unfriendly.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers