First run of nano creates a directory in $HOME, if run as sudo will be root owned

Bug #1471459 reported by Paul White on 2015-07-04
42
This bug affects 8 people
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
Low
Unassigned
nano (Ubuntu)
Low
Unassigned

Bug Description

If nano is started for the first with sudo then a root owned directory named .nano is created in the user's $HOME directory.
If 1st. started as a user then the user owns .nano & ownership will not be altered by subsequent use of sudo nano.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: nano 2.4.1-1
ProcVersionSignature: Ubuntu 3.19.0-22.22-generic 3.19.8-ckt1
Uname: Linux 3.19.0-22-generic x86_64
ApportVersion: 2.17.3-0ubuntu4
Architecture: amd64
Date: Sat Jul 4 20:06:16 2015
InstallationDate: Installed on 2015-02-25 (128 days ago)
InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20150224)
SourcePackage: nano
UpgradeStatus: No upgrade log present (probably fresh install)

Paul White (paulw2u) wrote :
Paul White (paulw2u) on 2015-07-04
Changed in nano (Ubuntu):
status: New → Invalid
ajgreeny (ajg-charlbury) wrote :

Using sudo nano /etc/fstab still makes a hidden root-owned .nano folder in my home, so as far as I'm concerned the bug is still live.

Paul White (paulw2u) on 2015-07-06
Changed in nano (Ubuntu):
status: Invalid → New
Paul White (paulw2u) wrote :

Changed to confirmed as two users affected, me and one other. Please ignore comment #2.

Changed in nano (Ubuntu):
status: New → Confirmed
ajgreeny (ajg-charlbury) wrote :

Paul, I assume you are aware of the forum thread at http://ubuntuforums.org/showthread.php?t=2285298

v3.xx (v3-xxjs) wrote :

Ubuntu Mate 15.10 also affected by this bug.

Changed in nano (Ubuntu):
importance: Undecided → Low
Changed in hundredpapercuts:
status: New → Confirmed
importance: Undecided → Low
Doug McMahon (mc3man) on 2015-07-07
summary: - Launching nano with sudo creates a root owned directory in $HOME
+ First run of nano creates a directory in $HOME, if run as sudo will be
+ root owned
description: updated

Current nano (2.4.2) will only check for the existence of $HOME/.nano/ (and create it when it doesn't exist) when 'set historylog' or 'set poslog' are set in the $HOME/.nanorc file (or when the -H or -P options are used on the command line). But... when nano is used for the very first time (with sudo), how come there is already a .nanorc file? Does Ubuntu give you a default one? Or do they tell you to create a .nanorc before starting to use nano?

Maybe Ubuntu could consider adding an empty .nano dir to the skeleton dir for each new user?

For those affected by the bug, could you please paste the output of 'sudo sudo -V | head -1', and of 'sudo sudo -V | grep -e ve: -e HOME', and of 'sudo grep -v ^# /etc/sudoers'? Because if all things are at their defaults, the sudo of Wily shouldn't be preserving HOME but should be setting it to the home directory of root instead.

Doug Smythies (dsmythies) wrote :

Requested information. Fresh server installation from Wily daily a couple of days ago:

doug@serv64-dev:~$ sudo sudo -V | head -1
Sudo version 1.8.12
doug@serv64-dev:~$ sudo sudo -V | grep -e ve: -e HOME
Environment variables to remove:
        PYTHONHOME
Environment variables to preserve:
        HOME
doug@serv64-dev:~$ sudo grep -v ^# /etc/sudoers
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL

doug@serv64-dev:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Wily Werewolf (development branch)
Release: 15.10
Codename: wily

It turns out that Ubuntu carries a patch for sudo that Debian doesn't: see keep_home_by_default.patch [1].
See also the changelog [2], somewhere in item 72. So I think one should ask the Ubuntu maintainer of sudo what the motivation for this patch is. And if there is no strong reason for it, ask him to drop it. That would solve this issue.

[1] https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/wily/sudo/wily-proposed/files/head:/debian/patches/
[2] https://code.launchpad.net/~ubuntu-branches/ubuntu/wily/sudo/wily

Paul, when you temporarily move ~/.nano and ~/.nanorc to different names, does a run of 'sudo nano' then create a new ~/.nano?

Anyone, what does 'grep -e storylog -e poslog /etc/nanorc' on Wily say?

This has been addressed in nano's SVN, r5580. In version 2.5.2 and higher, nano will ignore $HOME when it is effectively running as root, and will therefore not create or change anything in the home directory of the user that invokes nano through a plain sudo.

(It also means that it will not use the normal user's .nanorc, but only the global /etc/nanorc plus the .nanorc file in /root. Which is kind of nice, because you can then give a root-privileged nano another appearance from that of a normal user, by using for example 'set titlecolor brightwhite,red'.)

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nano - 2.5.2-1

---------------
nano (2.5.2-1) unstable; urgency=medium

  * New upstream release.
    - Ignores $HOME when effective user is root, to avoid creating root-owned
      files when for example invoking under sudo (LP: #1471459).
  * Sync debian/nanorc with upstream nanorc.sample.
  * Use https for the download URL and Vcs-Browser.

 -- Jordi Mallach <email address hidden> Fri, 12 Feb 2016 14:29:11 +0100

Changed in nano (Ubuntu):
status: Confirmed → Fix Released
Paul White (paulw2u) on 2016-03-28
Changed in hundredpapercuts:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers