Ubuntu
smb4k package

smb4k super user privileges leaves wrong permissions on /etc/sudoers

Bug #683071 reported by Kevin Rogers
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
smb4k (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: smb4k

While trying to work out ways for users in our office to mount Samba shares on demand, I decided Smb4K would be our best option - but had problems with current releases of Samba not allowing normal users to mount Samba shares (even with the setuid bit set).

I then found the "Super User" configuration option in Smb4K would let normal users do the right thing, so I checked the "Use super user privileges to mount and unmount shares" option on the "Super User" configuration tab, clicked apply and entered my password to allow Smb4K to write changes to the /etc/sudoers file - I got no errors.

I then tried to mount a Samba share and got the following error message details:

sudo: /etc/sudoers is mode 0640, should be 0440
sudo: no valid sudoers sources found, quitting

So, I tried to correct the permissions on /etc/sudoers and was greeted with the same message at the command line:

krogers@kevin-desktop:/etc$ sudo chmod 0440 /etc/sudoers
sudo: /etc/sudoers is mode 0640, should be 0440
sudo: no valid sudoers sources found, quitting

In order to get administrative capabilities back, I had to reboot with a live cd in order to gain root access and correct the file permissions.

In addition, Smb4k seems to have made other changes to /etc/sudoers - see the attached patch for a comparison of /etc/sudoers off the livecd with the version on my computer after Smb4k modified it (unfortunately I did not have a backup of my /etc/sudoers file from before Smb4k modified it, but I have never modified /etc/sudoers since installing Ubuntu). In particular I'm not sure of the consequences of the changes relating to the sudo and admin groups.

Revision history for this message
Kevin Rogers (kevin-rogers) wrote :
Revision history for this message
Renato S. Yamane (renatoyamane) wrote :

Exactly the same problem.
After install smb4k I can't use "sudo su" anymore.

Revision history for this message
Steve Cunningham (icl) wrote :

So for now I could care less about the smb4k and more about fixing the the problem it caused.

Does anyone have a fix to repair the sudoers

and should it really be 0440 is that confirmed true ?

Revision history for this message
Steve Cunningham (icl) wrote :

well for now I restored the sudoers to operate normally by selecting recovery mode when the system is booting up

Then visudo command

And comment out the lines which Smb4k has added for some reason

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL

# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
#%sudo ALL=(ALL) ALL

#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Entries for Smb4K users.
# Generated by Smb4K. Please do not modify!
#User_Alias SMB4KUSERS = agent86
#Defaults:SMB4KUSERS env_keep += "PASSWD USER"
#SMB4KUSERS agent86-S2865 = NOPASSWD: /usr/bin/smb4k_kill
#SMB4KUSERS agent86-S2865 = NOPASSWD: /usr/bin/smb4k_umount
#SMB4KUSERS agent86-S2865 = NOPASSWD: /usr/bin/smb4k_mount
# End of Smb4K user entries.

All entries are commented out and the only thing that is not commented are these:

Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL

note that smb4k also had changed this line to read:
#
%sudo ALL=(ALL) ALL

which I'm not sure if it should be commented or not so I commented this out until i can figure out how to edit these smb4k lines so that I can actually use the program

Anyhow this won't solve your smb4k troubles but at least will restore you ability to use sudo
I hope this helps

Revision history for this message
Mario Splivalo (mariosplivalo) wrote :

I can confirm this.
Installed smb4k, went to 'settings - Configure smb4k', under 'super user', changed any setting, clicked apply. After that, permissions of the file changed from 440 to 640.

Rebooted in recovery mode (root shell), changed permissions back to 440:

chmod 440 /etc/sudoers

Rebooted, and sudo is working again.

Revision history for this message
Piedro Kulman (piedro) wrote :

Same here! Had to fix it also after one time testing out smb4k in Ubuntu Maverick!

I don't understand how the importance of an application so messed up that it changes administrative core system functionality is listed as "undecided". This is annoying as hell and simply by using google search this problem pops up everywhere!

This bug is important!

thx for reading,
piedro

Revision history for this message
Charnjit SiNGH (webdevhud) wrote :

This bug just hit me as I was having a gander at smb4k.

Completely unacceptable as I can't take this system down for at least another few days, as it's serving files to multiply users constantly, but now I can't do anything su.

This is a major problem for systems that can't afford downtime.

This must be marked confirmed!

Revision history for this message
Charnjit SiNGH (webdevhud) wrote :

UPDATE: This bug has been fixed in v0.10.9 of Smb4K!

See:

http://developer.berlios.de/bugs/?func=detailbug&bug_id=17653&group_id=769

https://developer.berlios.de/project/shownotes.php?release_id=17910

Can be marked as fixed & closed...

^_^

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.