latest natty sudo upgrade prompts for conffile update and potentially removes %admin from /etc/sudoers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo (Ubuntu) |
Fix Released
|
High
|
Canonical Foundations Team | ||
Natty |
Fix Released
|
High
|
Canonical Foundations Team |
Bug Description
Binary package hint: sudo
Configuration file /etc/sudoers has changed:
Setting up sudo (1.7.4p4-5ubuntu1) ...
Configuration file `/etc/sudoers'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** sudoers (Y/I/N/O/D/Z) [default=N] ?
Looking at the diff...
--- /etc/sudoers 2010-12-13 12:09:29.000000000 -0600
+++ /etc/sudoers.
@@ -1,10 +1,11 @@
-# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
# See the man page for details on how to write a sudoers file.
#
-
Defaults env_reset
# Host alias specification
@@ -14,14 +15,9 @@
# Cmnd alias specification
# User privilege specification
-root ALL=(ALL) ALL
+root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
-# (Note that later entries override this, so you might need to move
-# it further down)
-%sudo ALL=(ALL) ALL
-#
-#includedir /etc/sudoers.d
+%sudo ALL=(ALL:ALL) ALL
-# Members of the admin group may gain root privileges
-%admin ALL=(ALL) ALL
+#includedir /etc/sudoers.d
The part that really, really, really sucks is -%admin ALL=(ALL) ALL. That will remove sudo privileges from your admin user. Very likely, you your very self.
This needs to be fixed ASAP.
Related branches
Changed in sudo (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Critical |
summary: |
- latest natty sudo upgrade removes admin from /etc/sudoers + latest natty sudo upgrade prompts for conffile update and potentially + removes %admin from /etc/sudoers |
Changed in sudo (Ubuntu Natty): | |
milestone: | none → ubuntu-11.04-beta |
tags: | added: iso-testing |
tags: | added: natty |
Changed in sudo (Ubuntu Natty): | |
assignee: | nobody → Canonical Foundations Team (canonical-foundations) |
tags: | added: patch |
Changed in sudo (Ubuntu Natty): | |
status: | Triaged → In Progress |
Looks like Debian has made /etc/sudoers a conffile, when it wasn't one before.