[Bug 365178] New: yast2 sudoers will put line ALL ALL = (ALL) ALL wrong into /etc/sudoers
https://bugzilla.novell.com/show_bug.cgi?id=365178 Summary: yast2 sudoers will put line ALL ALL = (ALL) ALL wrong into /etc/sudoers Product: openSUSE 10.3 Version: Final Platform: All OS/Version: openSUSE 10.3 Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: fnmueller@opensuse.org QAContact: jsrain@novell.com Found By: Other When configuring /etc/sudoers via yast2 --> security --> sudo to not ask for root password upon a certain command it will put the "ALL ALL = (ALL) ALL" line in the wrong place, causing sudo still to ask for the root password. It is: marcel ALL = (%root) NOPASSWD: /etc/init.d/smb start,/sbin/shutdown -h +60 ALL ALL = (ALL) ALL It should be: ALL ALL = (ALL) ALL marcel ALL = (%root) NOPASSWD: /etc/init.d/smb start,/sbin/shutdown -h +60 Even worse, yast will change back the sudoers file to : marcel ALL = (%root) NOPASSWD: /etc/init.d/smb start,/sbin/shutdown -h +60 ALL ALL = (ALL) ALL when adding a new command. Even though I used visudo to force ALL ALL = (ALL) ALL to be the first line. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 User fnmueller@opensuse.org added comment https://bugzilla.novell.com/show_bug.cgi?id=365178#c1 --- Comment #1 from Felix-Nicolai Müller <fnmueller@opensuse.org> 2008-02-27 05:54:29 MST --- I just realized this big might be connected: https://bugzilla.novell.com/show_bug.cgi?id=339925 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 Felix-Nicolai Müller <fnmueller@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 Cyril Hrubis <chrubis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |kmachalkova@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 User kmachalkova@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=365178#c2 Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |fnmueller@opensuse.org --- Comment #2 from Katarina Machalkova <kmachalkova@novell.com> 2008-03-03 02:41:37 MST --- Can you please try to reproduce (e.g. with clean sudoers file) and attach yast logs? Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 User fnmueller@opensuse.org added comment https://bugzilla.novell.com/show_bug.cgi?id=365178#c3 --- Comment #3 from Felix-Nicolai Müller <fnmueller@opensuse.org> 2008-03-03 08:56:49 MST --- Created an attachment (id=198289) --> (https://bugzilla.novell.com/attachment.cgi?id=198289) Screenshot showing how sudo can be broken I added this picture to actually show how /etc/sudoers can be broken using yast. So it is really clear what we are talking about. /var/log/YaST2 will follow promply. And yes, I am aware that it is weird to add single commands like this, but this was done on purpose. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 User fnmueller@opensuse.org added comment https://bugzilla.novell.com/show_bug.cgi?id=365178#c4 Felix-Nicolai Müller <fnmueller@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|fnmueller@opensuse.org | --- Comment #4 from Felix-Nicolai Müller <fnmueller@opensuse.org> 2008-03-03 09:13:12 MST --- Created an attachment (id=198292) --> (https://bugzilla.novell.com/attachment.cgi?id=198292) Log Files /var/log/YaST2 The requested log files. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 User kmachalkova@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=365178#c5 Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |ast@novell.com --- Comment #5 from Katarina Machalkova <kmachalkova@novell.com> 2008-11-18 09:41:06 MST --- This is (hopefully) resolved for openSUSE 11.1 (bug #439164) Anja, do we want (probably only optional) online update here, for openSUSE 10.3 and 11.0? On one hand, currently yast2-sudo can re-shuffle the rules in sudoers file in such a way that rules added by the user have no effect. On the other hand, to resolve the issue, great part of the module had to be rewritten and the final diff has 1597 lines. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 User dmueller@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=365178#c6 Dirk Mueller <dmueller@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|ast@novell.com | --- Comment #6 from Dirk Mueller <dmueller@novell.com> 2008-11-19 17:49:21 MST --- no update here, if it is fixed for 11.1.patch is too intrusive for backporting and limited numbers of users affected. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=365178 User kmachalkova@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=365178#c7 Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WONTFIX --- Comment #7 from Katarina Machalkova <kmachalkova@novell.com> 2008-11-20 01:54:39 MST --- Wontfix for 11.0, 10.3 and anything older then. I'm sorry -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com