Activity log for bug #857502

Date Who What changed Old value New value Message
2011-09-23 15:27:31 Simon Déziel bug added bug
2011-09-23 15:28:01 Simon Déziel description

Old value:

When deleting a user, its sudo time stamp file if any is not invalidated. This means that if the same user is recreated right after the deletion (and joined to the sudo group), the new user can do "sudo -i" without receiving a password prompt. This could be solved by removing the files under /var/lib/sudo/<user>/ or /var/run/sudo/<user>/ (on older Ubuntu versions).

$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

$ apt-cache policy adduser
adduser:
  Installed: 3.112+nmu1ubuntu5
  Candidate: 3.112+nmu1ubuntu5
  Version table:
 *** 3.112+nmu1ubuntu5 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: adduser 3.112+nmu1ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Fri Sep 23 11:03:57 2011
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: adduser
UpgradeStatus: No upgrade log present (probably fresh install)

New value:

When deleting a user, its sudo time stamp file, if any, is not invalidated. This means that if the same user is recreated right after the deletion (and joined to the sudo group), the new user can do "sudo -i" without receiving a password prompt. This could be solved by removing the files under /var/lib/sudo/<user>/ or /var/run/sudo/<user>/ (on older Ubuntu versions).

$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

$ apt-cache policy adduser
adduser:
  Installed: 3.112+nmu1ubuntu5
  Candidate: 3.112+nmu1ubuntu5
  Version table:
 *** 3.112+nmu1ubuntu5 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: adduser 3.112+nmu1ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Fri Sep 23 11:03:57 2011
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: adduser
UpgradeStatus: No upgrade log present (probably fresh install)

2011-09-23 15:28:51 Simon Déziel description

Old value:

When deleting a user, its sudo time stamp file, if any, is not invalidated. This means that if the same user is recreated right after the deletion (and joined to the sudo group), the new user can do "sudo -i" without receiving a password prompt. This could be solved by removing the files under /var/lib/sudo/<user>/ or /var/run/sudo/<user>/ (on older Ubuntu versions).

$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

$ apt-cache policy adduser
adduser:
  Installed: 3.112+nmu1ubuntu5
  Candidate: 3.112+nmu1ubuntu5
  Version table:
 *** 3.112+nmu1ubuntu5 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: adduser 3.112+nmu1ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Fri Sep 23 11:03:57 2011
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: adduser
UpgradeStatus: No upgrade log present (probably fresh install)

New value:

When deleting a user, its sudo time stamp file, if any, is not invalidated. This means that if the same user is recreated right after the deletion (and joined to the sudo group), the new user can do "sudo -i" without receiving a password prompt. This problem is mitigated by the fact that the time stamp expires after a short delay but I still feel that's not right to not remove it. This could be solved by removing the files under /var/lib/sudo/<user>/ or /var/run/sudo/<user>/ (on older Ubuntu versions).

$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

$ apt-cache policy adduser
adduser:
  Installed: 3.112+nmu1ubuntu5
  Candidate: 3.112+nmu1ubuntu5
  Version table:
 *** 3.112+nmu1ubuntu5 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: adduser 3.112+nmu1ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Fri Sep 23 11:03:57 2011
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: adduser
UpgradeStatus: No upgrade log present (probably fresh install)