Ubuntu
vm-builder package

vmbuilder and /etc/sudoers template missing "sudo" group support

Bug #994199 reported by Chris Samaritoni
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
vm-builder (Ubuntu)
Triaged
High
Serge Hallyn

Bug Description

I noticed when creating a 12.04 VM with vmbuilder, the template file /etc/vmbuilder/ubuntu/sudoers.tmpl that is used to generate the /etc/sudoers appears to be quite outdated. From my understanding on 12.04 you are supposed to use the "sudo" group for putting users in, to allow sudo access and "admin" was just hanging around for backward compatibility. The template file does not include a "sudo" entry in the /etc/sudoers

Current template:
----
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Defaults

Defaults !lecture,tty_tickets,!fqdn

# Uncomment to allow members of group sudo to not need a password
# %sudo ALL=NOPASSWD: ALL

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
----

I modified the /etc/vmbuilder/ubuntu/sudoers.tmpl to match a typical phyical install (ie, from CD) and my issue was solved.

Modified template file:
----
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "\#include" directives:

#includedir /etc/sudoers.d
----

See original description
Chris Samaritoni (9e9o1ko8b2f5xp-fvlbw-0zxvj9hhx1hzo5)
description: updated
Revision history for this message
Chris Samaritoni (9e9o1ko8b2f5xp-fvlbw-0zxvj9hhx1hzo5) wrote :

If and when the template is updated, when you supply the default user to add to the system when you build the VM, they should be added to "sudo" group and not the "admin" group.

Serge Hallyn (serge-hallyn)
Changed in vm-builder (Ubuntu):
status: New → Confirmed
importance: Undecided → High
status: Confirmed → Triaged
Revision history for this message
Will Bryant (willbryant) wrote :

Chris, could you check whether the sudoers file on the host has the sudo group?

Revision history for this message
Will Bryant (willbryant) wrote :

There hasn't been any activity on this bug for a while, and I suspect it's not really a bug. I think the file gets copied from the host, so an out-of-date host will result in this behavior?

Revision history for this message
Jeffrey Wildman (jeffrey-wildman) wrote :

I am experiencing similar issues. The host machine is Ubuntu 13.04 Server 64-bit. The host /etc/sudoers file contains the sudo group. Any VMs built contain an /etc/sudoers file without mention of the sudo group.

Further, the line including the contents of the directory /etc/sudoers.d/ is missing (should I file a separate bug report?). Both issues appear as though they'd be fixed by updating the sudoers.tmpl template.

Revision history for this message
Marius Gedminas (mgedmin) wrote :

This is still a problem with ubuntu-vm-builder 0.12.4+bzr494-0ubuntu1 in 16.04 LTS.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I'm working through confirmed, but too-long-idle bugs and this is one of them.
vm-builder in particular is not only "only universe" - it also is somewhat discontinued and considering usage mostly replaced by "uvtool".

That said the bug is still valid (if one comes up with a fix to be sponsored), but looking at the time this is idle we need to face it that it is not in the focus of the Ubuntu server team, so I'm unsubscribing it to properly reflect that.

Revision history for this message
Emilian Mitocariu (emilian94) wrote :

We made a fork of vmbuilder over here https://github.com/newroco/vmbuilder and removed the part where vmbuilder installs /etc/sudoers from template. That allows ubuntu to use the correct /etc/sudoers which also solves this problem https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/1618899, fixed issue is here https://github.com/newroco/vmbuilder/issues/5

We also modified vmbuilder to add the user supplied with --user to group sudo, issue fixed here https://github.com/newroco/vmbuilder/issues/8

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Serge,
as you offered help to upload vmbuilder fixes to Dev and SRU and the outcome of bug 1260062 I assigned you here.
If you are no more able to do so please let me know and unassign yourself.

Changed in vm-builder (Ubuntu):
assignee: nobody → Serge Hallyn (serge-hallyn)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.