Sudo Lockout - unable to get root priv. - no hostname

Bug #9471 reported by G-eco on 2004-10-26
Affects: sudo (Ubuntu)
Importance: Medium
Assigned to: Thom May

Bug Description

Sudo stopped working after I set up Ubuntu and updated on a LAN, then removed the
network card after I was finished (the machine was shipped for modem operation
only). None of the gksudo functions on the desktop or sudo in a terminal were
working anymore and I could not get access to change anything because sudo was
the only way to do this (??).

It seemed as though the machine had lost its hostname.

Re-booted in admin mode and added 127.0.0.1 with hostname to /etc/hosts and all
working again -;)

Probably a good idea not to let this happen in future. Maybe just an enhancement:

Ensure that the networking applet retains essential configs when adding /
removing interfaces.

~~~~~~~~~~~~~~~~

Matt Zimmerman (mdz) wrote :

I don't think we can correct the situation without more information about what
happened. Removing a network card should not affect the system's hostname. Are
you sure that the hostname changed? What error message did you see from sudo on
the command line?

G-eco (ubuntu-andrepio) wrote :

Sudo on the cmd line says something like "Unknown host [hostname]", then fails
authentication. The machine still boots up with the correct hostname (as
displayed on the prompt). My hack was: Boot in failsafe, add the hostname in
/etc/hosts with the loopback addr - then sudo worked ok.

Summary of how I got into this situation:
-Ubuntu install
-Ubuntu update -> Network eth0
-deactivate eth0
-Remove eth0
-install ppp0 (only active on manual dial)
-reboot, sudo not working, + can't ping [hostname] from cmd line.

Possibly an issue of name resolution on a machine with no active interfaces, and
no named definition for loopback either. No idea of what was in the config files
before I had the problem, only that /etc/hosts was empty when I did have the
problem (no localhost entry or any other host definition).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Matt Zimmerman (mdz) wrote :

sudo really shouldn't bother resolving anything unless there are host-specific
clauses in sudoers...this shouldn't break it.

What does Apple do, I wonder?

Thom May (thombot) wrote :

*** Bug 11318 has been marked as a duplicate of this bug. ***

Chuck Short (zulcss) wrote :

According to the sudoers manual:

"Beware that turning on fqdn requires sudo to make DNS lookups which may make
sudo unusable if DNS stops working (for example if the machine is not plugged
into the network). Also note that you must use the host's official name as DNS
knows it. That is, you may not use a host alias (CNAME entry) due to performance
issues and the fact that there is no way to get all aliases from DNS. If your
machine's hostname (as returned by the hostname command) is already fully
qualified you shouldn't need to set fqdn. This flag is off by default."

In the debian/rules for sudoers fqdn is turned on with the "--with-fqdn"

Regards
chuck

Thom May (thombot) wrote :

(In reply to comment #5)
> According to the sudoers manual:
>
> "Beware that turning on fqdn requires sudo to make DNS lookups which may make
> sudo unusable if DNS stops working (for example if the machine is not plugged
> into the network). Also note that you must use the host's official name as DNS
> knows it. That is, you may not use a host alias (CNAME entry) due to performance
> issues and the fact that there is no way to get all aliases from DNS. If your
> machine's hostname (as returned by the hostname command) is already fully
> qualified you shouldn't need to set fqdn. This flag is off by default."
>
We can probably safely turn this off for new installs then and document that it
needs to be on for host based aliases in README and in the sudoers file.

Chuck Short (zulcss) wrote :

Created an attachment (id=1186)
Turn off fqdn

This patch should do the trick.

Thom May (thombot) wrote :

Nope, that breaks the golden rule - behaviour change for people who already have
sudo installed.
We'll have to turn it off in the sudoers we install, not in the app.

Thom May (thombot) wrote :

sudo (1.6.8p5-1ubuntu2) hoary; urgency=low

  * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't
    resolve (Ubuntu: 2772)

 -- Thom May <email address hidden> Wed, 2 Mar 2005 20:34:20 +0000

Note that this will not change the sudoers on already installed machines; to
change the defaults, add !fqdn to the Defaults line using visudo
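
The condition discussed in this thread (fqdn in effect for sudo, and a hostname that /etc/hosts cannot resolve) can be checked offline against copies of the two files. This is an added example, not code from the bug report or the sudo package; the function names, the hostname mybox and the sample file contents are constructed, and only unscoped Defaults lines are parsed.

```shell
# Added example: offline check for the lockout described in this report.
# Hypothetical helper names; files are passed in, sudo itself is never run.

# hosts_has_name FILE NAME -> exit 0 if FILE maps some address to NAME.
hosts_has_name() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                       # drop comments
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# sudoers_fqdn_state FILE -> prints on, off or unset (last global Defaults wins).
# Simplification: only unscoped "Defaults" lines are read, no includes.
sudoers_fqdn_state() {
    awk '
        $1 == "Defaults" {
            sub(/^[ \t]*Defaults[ \t]+/, "")
            n = split($0, opt, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opt[i])
                if (opt[i] == "fqdn")  state = "on"
                if (opt[i] == "!fqdn") state = "off"
            }
        }
        END { print (state == "" ? "unset" : state) }' "$1"
}

# lockout_risk HOSTS SUDOERS NAME -> exit 0 when sudo would depend on a name
# that the hosts file cannot resolve. "unset" counts as on, because the thread
# says this package was built with --with-fqdn.
lockout_risk() {
    [ "$(sudoers_fqdn_state "$2")" != "off" ] && ! hosts_has_name "$1" "$3"
}

# Constructed sample files: the empty hosts file from the report, then the fixes.
demo() {
    d=$(mktemp -d)
    : > "$d/hosts.empty"
    printf '127.0.0.1 localhost\n127.0.0.1 mybox\n' > "$d/hosts.fixed"
    printf 'Defaults env_reset\n' > "$d/sudoers.old"
    printf 'Defaults env_reset, !fqdn\n' > "$d/sudoers.new"
    for h in empty fixed; do for s in old new; do
        if lockout_risk "$d/hosts.$h" "$d/sudoers.$s" mybox
        then echo "hosts.$h + sudoers.$s: AT RISK"
        else echo "hosts.$h + sudoers.$s: ok"; fi
    done; done
    rm -rf "$d"
}
demo
```

Only the empty hosts file combined with the old sudoers is reported as at risk; either the reporter's /etc/hosts entry or the packaged !fqdn default clears it.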
