[Bug 768625] Re: user prompted for sudo changes on upgrade in ec2/uec image
Scott Moser
smoser at canonical.com
Tue May 24 19:15:38 UTC 2011
** Description changed:
Binary package hint: sudo
This is a much less sever bug than bug 761689.
Instead of *not* being prompted, and being permanently locked out of
sudo, the user is shown a prompt asking what to do about hte differences
in sudo configuration, and suggesting they use sudo.d.
In the limited case of EC2/UEC images, we can recognize that they're
using an unmodified sudo file and appropriately write a sudo.d entry for
them.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: sudo 1.7.4p4-5ubuntu7
ProcVersionSignature: User Name 2.6.38-8.42-virtual 2.6.38.2
Uname: Linux 2.6.38-8-virtual i686
Architecture: i386
Date: Thu Apr 21 21:51:09 2011
Ec2AMI: ami-a6f504cf
Ec2AMIManifest: ubuntu-images-us/ubuntu-maverick-10.10-i386-server-20101225.manifest.xml
Ec2AvailabilityZone: us-east-1c
Ec2InstanceType: m1.small
Ec2Kernel: aki-407d9529
Ec2Ramdisk: unavailable
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sudo
UpgradeStatus: Upgraded to natty on 2011-04-21 (0 days ago)
== natty release note ==
When upgrading a UEC Image to 11.04 on EC2 or UEC, the user will be prompted regarding changes to local file /etc/sudoers. Selecting "Accept the maintainer's version" will result in the 'ubuntu' user losing access to sudo. Instead, select the default response "keep your currently-installed version" (N).
+
+ == SRU Information ==
+ * Impact: This bug affects upgrade from 10.10 to 11.04 on the "UEC Images" only. UEC Images come with a 'ubuntu' user pre-configured with passwordless sudo access. Upon upgrade of sudo, if the user selects "Accept the Maintainer's version" of the sudoers file, then they will lose sudo access entirely.
+ * How Bug is addressed: The bug is fixed by modifying the pre-install script of sudo to recognize the particular md5sum of /etc/sudoers that exists in UEC images. If that md5sum is found, then the stock /etc/sudoers file is laid down, and the 'ubuntu user' specific sudoers stanza is written to /etc/sudoers.d/90-cloud-ubuntu .
+ * Patch: The changes for this fix are available at http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/sudo/oneiric/revision/49 .
+ * Regression Potential: The regression potential here should be *very* low. The only time where different codepath will be taken is if /etc/sudoers has a known md5sum.
+ * TEST CASE:
+ * Launch an EC2 instance of 10.10.
+ * ssh in as 'ubuntu at host'
+ * enable -proposed
+ * sudo apt-get update
+ * sudo do-release-upgrade
+ * The user will not be prompted for merge of /etc/sudoers
+ * After upgrade, user still has passwordless sudo access.
+ * Note: if the fix was not availale (ie, proposed not enabled) then the user will be prompted for merge of /etc/sudoers.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/768625
Title:
user prompted for sudo changes on upgrade in ec2/uec image
Status in Release Notes for Ubuntu:
New
Status in “sudo” package in Ubuntu:
Fix Released
Status in “sudo” source package in Natty:
In Progress
Status in “sudo” source package in Oneiric:
Fix Released
Bug description:
Binary package hint: sudo
This is a much less sever bug than bug 761689.
Instead of *not* being prompted, and being permanently locked out of
sudo, the user is shown a prompt asking what to do about hte
differences in sudo configuration, and suggesting they use sudo.d.
In the limited case of EC2/UEC images, we can recognize that they're
using an unmodified sudo file and appropriately write a sudo.d entry
for them.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: sudo 1.7.4p4-5ubuntu7
ProcVersionSignature: User Name 2.6.38-8.42-virtual 2.6.38.2
Uname: Linux 2.6.38-8-virtual i686
Architecture: i386
Date: Thu Apr 21 21:51:09 2011
Ec2AMI: ami-a6f504cf
Ec2AMIManifest: ubuntu-images-us/ubuntu-maverick-10.10-i386-server-20101225.manifest.xml
Ec2AvailabilityZone: us-east-1c
Ec2InstanceType: m1.small
Ec2Kernel: aki-407d9529
Ec2Ramdisk: unavailable
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sudo
UpgradeStatus: Upgraded to natty on 2011-04-21 (0 days ago)
== natty release note ==
When upgrading a UEC Image to 11.04 on EC2 or UEC, the user will be prompted regarding changes to local file /etc/sudoers. Selecting "Accept the maintainer's version" will result in the 'ubuntu' user losing access to sudo. Instead, select the default response "keep your currently-installed version" (N).
== SRU Information ==
* Impact: This bug affects upgrade from 10.10 to 11.04 on the "UEC Images" only. UEC Images come with a 'ubuntu' user pre-configured with passwordless sudo access. Upon upgrade of sudo, if the user selects "Accept the Maintainer's version" of the sudoers file, then they will lose sudo access entirely.
* How Bug is addressed: The bug is fixed by modifying the pre-install script of sudo to recognize the particular md5sum of /etc/sudoers that exists in UEC images. If that md5sum is found, then the stock /etc/sudoers file is laid down, and the 'ubuntu user' specific sudoers stanza is written to /etc/sudoers.d/90-cloud-ubuntu .
* Patch: The changes for this fix are available at http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/oneiric/sudo/oneiric/revision/49 .
* Regression Potential: The regression potential here should be *very* low. The only time where different codepath will be taken is if /etc/sudoers has a known md5sum.
* TEST CASE:
* Launch an EC2 instance of 10.10.
* ssh in as 'ubuntu at host'
* enable -proposed
* sudo apt-get update
* sudo do-release-upgrade
* The user will not be prompted for merge of /etc/sudoers
* After upgrade, user still has passwordless sudo access.
* Note: if the fix was not availale (ie, proposed not enabled) then the user will be prompted for merge of /etc/sudoers.
More information about the Ubuntu-sponsors
mailing list