[Bug 768625] Re: user prompted for sudo changes on upgrade in ec2/uec image
Launchpad Bug Tracker
768625 at bugs.launchpad.net
Mon May 30 06:25:39 UTC 2011
** Branch linked: lp:ubuntu/natty-proposed/sudo
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
user prompted for sudo changes on upgrade in ec2/uec image
Status in Release Notes for Ubuntu:
Status in “sudo” package in Ubuntu:
Status in “sudo” source package in Natty:
Status in “sudo” source package in Oneiric:
Binary package hint: sudo
This is a much less sever bug than bug 761689.
Instead of *not* being prompted, and being permanently locked out of
sudo, the user is shown a prompt asking what to do about hte
differences in sudo configuration, and suggesting they use sudo.d.
In the limited case of EC2/UEC images, we can recognize that they're
using an unmodified sudo file and appropriately write a sudo.d entry
DistroRelease: Ubuntu 11.04
Package: sudo 1.7.4p4-5ubuntu7
ProcVersionSignature: User Name 2.6.38-8.42-virtual 188.8.131.52
Uname: Linux 2.6.38-8-virtual i686
Date: Thu Apr 21 21:51:09 2011
UpgradeStatus: Upgraded to natty on 2011-04-21 (0 days ago)
== natty release note ==
When upgrading a UEC Image to 11.04 on EC2 or UEC, the user will be prompted regarding changes to local file /etc/sudoers. Selecting "Accept the maintainer's version" will result in the 'ubuntu' user losing access to sudo. Instead, select the default response "keep your currently-installed version" (N).
== SRU Information ==
* Impact: This bug affects upgrade from 10.10 to 11.04 on the "UEC Images" only. UEC Images come with a 'ubuntu' user pre-configured with passwordless sudo access. Upon upgrade of sudo, if the user selects "Accept the Maintainer's version" of the sudoers file, then they will lose sudo access entirely.
* How Bug is addressed: The bug is fixed by modifying the pre-install script of sudo to recognize the particular md5sum of /etc/sudoers that exists in UEC images. If that md5sum is found, then the stock /etc/sudoers file is laid down, and the 'ubuntu user' specific sudoers stanza is written to /etc/sudoers.d/90-cloud-ubuntu .
* Patch: The changes for this fix are available at http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/sudo/oneiric/revision/49 .
* Regression Potential: The regression potential here should be *very* low. The only time where different codepath will be taken is if /etc/sudoers has a known md5sum.
* TEST CASE:
* Launch an EC2 instance of 10.10.
* ssh in as 'ubuntu at host'
* enable -proposed
* sudo apt-get update
* sudo do-release-upgrade
* The user will not be prompted for merge of /etc/sudoers
* After upgrade, user still has passwordless sudo access.
* Note: if the fix was not availale (ie, proposed not enabled) then the user will be prompted for merge of /etc/sudoers.
More information about the foundations-bugs