Ubuntu

Installer should have an easy tool to restore root/sudo settings on existing system

Reported by Peter Parkkali on 2005-08-09
10
Affects Status Importance Assigned to Milestone
Baltix
Medium
Unassigned
rescue (Ubuntu)
Wishlist
Unassigned

Bug Description

A recurring question on the #ubuntu channels is how to fix one's sudo / root
account, after /etc/sudoers has been messed up and/or the user has set, and
forgotten, a root password. Usually people are advised to boot from a cd, mount
their root, and fix their sudoers/shadow/hosts file manually.

There could be a tool somewhere in the installer's menu, that would do whatever
it's necessary to restore the root/sudo access to default. An option to reset
normal users' passwords would probably be useful too ;)

Also, sudo seems to depend on gethostbyname(), which usually depends on
/etc/hosts mapping the hostname to 127.0.0.1. I've heard random anecdotes of
/etc/hosts "mysteriously" losing this entry, and also of people accidentaly
messing it up. I believe this tool should check /etc/hosts for this aswell.

Colin Watson (cjwatson) wrote :

We probably have the basic technology needed to add this to rescue-mode now.

jpkotta (jpkotta) wrote :

I can confirm the gethostbyname() stuff. There are several reports in the Ubuntu Forums of people locking themselves out of using sudo by removing the hostname (a search of "sudo gethostbyname" will confirm this). I've tried it myself; here's what I've found:
I used network-admin to set my hostname to nothing. It gave me a warning about not being able to open applications until I log in again, but nothing about screwing up sudo. Not that it should, because sudo should work without a hostname, or at least automatically fix itself if hostname is null. Anyway, after ignoring network-admin's warning, I tried to use sudo again, and it worked, albeit with errors (sudo: unable to lookup via gethostbyname()). I logged out and logged back in, and it worked (with errors). I rebooted and it failed. I think something in the shutdown sequence modifies /etc/hosts and /etc/hostname, because they didn't change immediately.

I think there should be a boot script that sets the hostname to the default if it is null. For example I made a script with "if [[ -z `hostname` ]] ; then hostname ubuntu ; fi" and made it run before all other boot scripts. I still got errors, but sudo worked. I think the script would have to make the first line of /etc/hosts and /etc/hostname agree in order to be successful, i.e. '127.0.0.1 localhost.localdomain localhost foobar' and 'foobar', respectively.

Should this be filed as a separate bug?

On do, 2006-02-09 at 02:57 +0000, jpkotta wrote:
> There are several reports in the Ubuntu Forums of people locking
> themselves out of using sudo by removing the hostname

How on earth is that a bug in Ubuntu? Users simply shouldn't do such
stupid things...
--
Dennis K.
  - Linux for human beings: http://www.ubuntu.com
  - Linux voor iedereen: http://www.ubuntu-nl.org

jpkotta (jpkotta) wrote :

<quote>
How on earth is that a bug in Ubuntu? Users simply shouldn't do such stupid things...
</quote>

I hope this is sarcasm. Most of my non-geek friends think I'm crazy for naming my computers. I don't purport to be a Unix guru, but I think I have a good handle on things. That removing your hostname would bork sudo was not at all obvious to me, and certainly wouldn't be obvious to any user new to Linux.

It doesn't make sense to have a null hostname, and having a null hostname causes problems. Therefore it should be checked for and corrected if necessary. Users shouldn't do stupid things, but they do. While we shouldn't bail them out every time, it seems easy enough to do in this case.

Annie (anne-browndomain) wrote :

<quote>How on earth is that a bug in Ubuntu? Users simply shouldn't do such
stupid things...</quote>
This happens when installing with the Ubuntu install disk. It asks for a hostname, however the hostname doesn't get updated in the /etc/hosts files. Then when users first log in, they are confronted with "sudo: unable to lookup <host> via gethostbyname()". Quotes like "Users shouldn't do such stupid things" is harmful. When you are logged in to a site to help people, please try to do no harm.

Alexandre Otto Strube (surak) wrote :

Kamion, you said the technology to make this was present, but that was six months ago. Any news on this issue? Is there a plan to do? Perhaps we should just change it to wishlist and wait for discussion on the next release cycle.

jpkotta (jpkotta) wrote :

I have written and (minimally) tested the following script. It gets run at bootup before anything else. It only fixes null hostnames, because I don't know exactly what entails a legal hostname string.

<script>
#!/bin/sh

PATH=/bin

default=ubuntu

if [[ -z `hostname` ]] ; then
   hostname $default

    cp /etc/hosts /etc/hosts.bck
    fix="127.0.0.1 localhost.localdomain localhost ${default}"
    sed -i -re "s/^[[:space:]]*(127\.0\.0\.1.*)$/${fix}\n# \1/" /etc/hosts

   cp /etc/hostname /etc/hostname.bck
   echo $default > /etc/hostname
</script>

Put it in /etc/init.d/fix_hostname. Install with "update-rc.d fix_hostname start 01".

Colin Watson (cjwatson) on 2006-05-01
Changed in rescue:
status: Unconfirmed → Confirmed

For reference, the sudo requirement of gethosbyname() is bug 32906.

Colin Watson (cjwatson) on 2007-04-21
Changed in rescue:
assignee: kamion → nobody
Thomas Hood (jdthood) wrote :

jpkotta wrote:
> I think the script would have to make the first line of /etc/hosts and /etc/hostname agree
> in order to be successful, i.e. '127.0.0.1 localhost.localdomain localhost foobar' and 'foobar',
> respectively.

/etc/hostname and /etc/hosts should indeed agree, but not in the way you suggest,
since that is non-standard for Debian and Ubuntu.

/etc/hosts should look like this, where /etc/hostname contains "foo":

    127.0.0.1 localhost
    127.0.1.1 foo

There is no need to list "localhost.localdomain" since that is a RedHat-ism.

Do not list "foo" as an alias for "localhost", otherwise there is no unique IP address
for "foo" and/or the canonical hostname of "foo" becomes "localhost", which is bad.

If foo has a permanent IP address (e.g., 123.45.67.89) and fully qualified domain name ("foo.bar.com") then /etc/hosts should look like this:

    127.0.0.1 localhost
    123.45.67.89 foo.bar.com foo

See http://www.debian.org/doc/manuals/reference/ch-gateway.en.html and hosts(5).

Colin Watson (cjwatson) on 2009-01-21
Changed in rescue:
assignee: nobody → kamion
Changed in baltix:
status: New → Invalid
Colin Watson (cjwatson) on 2011-01-05
Changed in rescue (Ubuntu):
status: Confirmed → Triaged
assignee: Colin Watson (cjwatson) → nobody
ray (arkibott) wrote :

i don't want sudo to make network lookups. i want a option to restrict it to local only operation.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.