[Bug 768625] Re: user prompted for sudo changes on upgrade in ec2/uec image

Launchpad Bug Tracker 768625 at bugs.launchpad.net
Mon May 30 06:25:39 UTC 2011

** Branch linked: lp:ubuntu/natty-proposed/sudo

You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.

  user prompted for sudo changes on upgrade in ec2/uec image

Status in Release Notes for Ubuntu:
Status in “sudo” package in Ubuntu:
  Fix Released
Status in “sudo” source package in Natty:
  Fix Committed
Status in “sudo” source package in Oneiric:
  Fix Released

Bug description:
  Binary package hint: sudo

  This is a much less sever bug than bug 761689.

  Instead of *not* being prompted, and being permanently locked out of
  sudo, the user is shown a prompt asking what to do about hte
  differences in sudo configuration, and suggesting they use sudo.d.

  In the limited case of EC2/UEC images, we can recognize that they're
  using an unmodified sudo file and appropriately write a sudo.d entry
  for them.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: sudo 1.7.4p4-5ubuntu7
  ProcVersionSignature: User Name 2.6.38-8.42-virtual
  Uname: Linux 2.6.38-8-virtual i686
  Architecture: i386
  Date: Thu Apr 21 21:51:09 2011
  Ec2AMI: ami-a6f504cf
  Ec2AMIManifest: ubuntu-images-us/ubuntu-maverick-10.10-i386-server-20101225.manifest.xml
  Ec2AvailabilityZone: us-east-1c
  Ec2InstanceType: m1.small
  Ec2Kernel: aki-407d9529
  Ec2Ramdisk: unavailable
  SourcePackage: sudo
  UpgradeStatus: Upgraded to natty on 2011-04-21 (0 days ago)

  == natty release note ==
  When upgrading a UEC Image to 11.04 on EC2 or UEC, the user will be prompted regarding changes to local file /etc/sudoers.  Selecting "Accept the maintainer's version" will result in the 'ubuntu' user losing access to sudo.  Instead, select the default response "keep your currently-installed version" (N).

  == SRU Information ==
   * Impact: This bug affects upgrade from 10.10 to 11.04 on the "UEC Images" only.  UEC Images come with a 'ubuntu' user pre-configured with passwordless sudo access.  Upon upgrade of sudo, if the user selects "Accept the Maintainer's version" of the sudoers file, then they will lose sudo access entirely.
   * How Bug is addressed: The bug is fixed by modifying the pre-install script of sudo to recognize the particular md5sum of /etc/sudoers that exists in UEC images.  If that md5sum is found, then the stock /etc/sudoers file is laid down, and the 'ubuntu user' specific sudoers stanza is written to /etc/sudoers.d/90-cloud-ubuntu .
   * Patch: The changes for this fix are available at http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/sudo/oneiric/revision/49 .
   * Regression Potential: The regression potential here should be *very* low.  The only time where different codepath will be taken is if /etc/sudoers has a known md5sum.
     * Launch an EC2 instance of 10.10.
     * ssh in as 'ubuntu at host'
     * enable -proposed
     * sudo apt-get update
     * sudo do-release-upgrade
     * The user will not be prompted for merge of /etc/sudoers
     * After upgrade, user still has passwordless sudo access.
     * Note: if the fix was not availale (ie, proposed not enabled) then the user will be prompted for merge of /etc/sudoers.

More information about the foundations-bugs mailing list