Ubuntu
sudo package

Regular user can't start admin application with sudo as specified in sudoers

Bug #92401 reported by Fabián Rodríguez
4
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: sudo

I am using a clean install from Ubuntu Dapper 6.06.1 (LTS), fully update, only main repository.

My scenario is as follows:
1) Add a new user "test"
2) Add this line below "root..." using sudo visudo:
test ALL= /usr/bin/network-admin

Problem: sudo network-admin returns errors about the X session:

test@ubuntu:~$ sudo network-admin > t.txt
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

(network-admin:12619): Gtk-WARNING **: cannot open display:

xhost + permits the command to go through as expected but I don't know how to make this behavior persistent and I'd like to only need to modify sudoers.

Expected results: test user can only run network-admin after providing his password

The same configuration gives the expected result under Edgy, though. I'd like to clarify that upgrading is not an option, as the LTS version is used for, well, Long Term Support purposes :) This will probably be escalated as a customer-reported bug.

See original description
Fabián Rodríguez (magicfab)
description: updated
Revision history for this message
Jonathan Riddell (jr) wrote :

There's nothing in sudo to give the new user X permissions, so I wouldn't expect this to work. gksudo and kdesu should work, however kdesu can't be restricted by application because it goes through kdesu_stub so it needs sudoers acces to that which gives access to all applications.

Revision history for this message
Fabián Rodríguez (magicfab) wrote :

gksudo relies on sudo it seems. When I try that, I get a graphical dialog with this message:

Failed to run network admin

The underlying authorization mechanism (sudo) does not allow you to run this program Contact the system administrator.

Any other ideas on how we can accomplish this ?

Revision history for this message
Fabián Rodríguez (magicfab) wrote :

I have new information. text-only commands do work as xepected. Network manager uses GNOME panel settings and relies on GNOME processes inheriting or escalating the privileges of the requisite subroutines. As only network-manager is specified as an allowable sudo binary, the system (quite rightly) refuses to allow the sub-processes upon which n-m depends to run as root. So n-m bails.

How can I find out which processes n-m is dependant on ?

Revision history for this message
Martin Pitt (pitti) wrote :

This works fine for me in 8.10. Please yell and reopen if it is still a problem for you, then we'll debug this further.

Changed in sudo:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.