Ubuntu
sudo package

Upstart and Sudo - Email for root

Bug #627472 reported by Johnnytk36
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

I posted this on the ubuntu forums. I cant tell if its a upstart issue or a way something is implemented. If it is a upstart issue, i want to help yall fix it.

I am getting a weird issue.

I am running 10.04 of Ubuntu. I have Postfix mail server installed and set to send alerts.

When I have the following script in the in a /etc/init/airvideo.conf file as described here http://wiki.birth-online.de/know-how/hardware/apple-iphone/airvideo-server-linux.

[code]start on runlevel [2345]
stop on shutdown
respawn

exec sudo -H -n -u johnnytk36 /usr/bin/java -jar /home/johnnytk36/AVS/AirVideoServerLinux.jar /home/johnnytk36/AVS/avs.properties[/code]When i boot up the Air Video server starts perfectly and i have no issues with it. What im having a issue with is that IF i have the airvideo.conf file in the etc/init/ folder like it needs to be to boot i receive a email from my Postfix server with the subject.
[code]*** SECURITY information for Server ***[/code]& a body of [code]Server : Aug 30 18:30:30 : root : ***
[/code]The *** in the body is usually some random strange combo of a few characters.

I think it has to do with permissions, i just don't know where the issue is. I think the email is trying to tell me that something tried to guess my root pass.

I know this said it was for Karmic Linux and it I'm using Lucid. That might be the issue, i don't know.

UPDATE: After spending 6 hours debugging this all i could, i cant figure it out. I have narrowed it down to the fact that we are using the sudo command while already in root. I think that triggers the email to be sent. It seems to be bypassing any setting i can think of to stop this. I have tried to edit the sudoers file to not allow email sent, but no matter what i did. It didn't work.

This is what i added to the sudoers file:

[CODE]Defaults mail_always=off
Defaults mail_badpass=off
Defaults mail_no_user=off
Defaults mail_no_host=off
Defaults mail_no_perms=off[/CODE]Here is the auth log output:

[CODE]Aug 31 02:05:21 Server sudo: root : TTY=unknown ; PWD=/ ; USER=johnnytk36 ; COMMAND=/bin/bash -c /usr/bin/java -Djava.awt.headless=true -jar /opt/AVS/AirVideoServerLinux.jar /opt/AVS/avs.properties[/CODE]Could if be the fact that the sudeurs file is only readable by root?

Any help is appreciated.

I've given up for now and I'm just going to do a filter in Gmail to delete the email as soon as it comes in. This might be a true bug, but i dont care anymore. If anyone else using 10.04 sees this, let me know, so i know i'm not alone.

http://www.sudo.ws/sudo/sudoers.man.html

Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

Transferring this to Ubuntu sudo

affects: upstart → null
Changed in null:
status: New → Invalid
Revision history for this message
Jarda Benkovsky (edheldil001) wrote :

We have the same or a very similar issue on one Lucid server here. Each time I start sudo it immediately sends email looking like below. The binary garbage is different in each email sent. I have no mail_always set in /etc/sudoers nor /etc/sudoers.d/*

Version: 1.7.2p1-1ubuntu5.2 (the same with ubuntu5.1)

To: <email address hidden>
From: <email address hidden>
Auto-Submitted: auto-generated
Subject: *** SECURITY information for server ***
Message-Id: <email address hidden>
Date: Fri, 24 Sep 2010 13:12:42 +0200 (CEST)

server : Sep 24 13:12:42 : myusername : °Éč

Curtis Hovey (sinzui)
no longer affects: null
Revision history for this message
Steve Langasek (vorlon) wrote :

You should not use 'sudo' to change uids in upstart jobs, as this opens a pam session. You should use the 'start-stop-daemon' command instead.

Changed in sudo (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.