Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Author Message
poulpillusionOffline
Post subject: Warning : sudoers file changed  PostPosted: 04.12.2010, 16:39



Joined: 2010-10-12
Posts: 6

Status: Offline
Last upgrade modified my /etc/sudoers file. It asked me if I wanted to install maintainers file and that's what I chose.

Since then, I could no longer sudo !

Hopefully, I had backuped my sudoers file before I chose to install the maintainers one...

Be careful !
 
 View user's profile Send private message  
Reply with quote Back to top
towoOffline
Post subject:   PostPosted: 04.12.2010, 16:45



Joined: 2010-09-13
Posts: 497
Location: Pößneck / Thüringen
Status: Offline
      Quote:
I chose to install the maintainers one...

Why?
 
 View user's profile Send private message  
Reply with quote Back to top
hubiOffline
Post subject:   PostPosted: 04.12.2010, 17:02
Moderator


Joined: 2010-09-11
Posts: 228
Location: Vienna (AT)
Status: Offline
Since asking if you want to keep your custom configuration or reinstall the maintainer's default configuration is the perfect and sane way to do it, it is not an upgrade warning, so I moved this thread to "software". It is default behaviour in Debian and apt offers you "No" as default action (not changing your custom configuration).

You chose to have your custom configuration replaced. Apt did what you asked for.

hubi

_________________
Tilos Rádió Budapest
 
 View user's profile Send private message Send e-mail  
Reply with quote Back to top
DonKultOffline
Post subject:   PostPosted: 05.12.2010, 12:47
Team Member


Joined: 2010-09-02
Posts: 482

Status: Offline
Beside that it is dpkg which asks this conf files question (but that is nit-picking) it also creates various files to help you even if you chose the wrong option: Just look at the place the file normally resists for files with .dpkg-{new,dist,temp,old,…} extensions and restore the correct one…

The question gives you btw the option to show a diff - use it! If dpkg asks me this questions (not common on my laptop, but on my phone as the software is in big flux) i normally diff first, and then let dpkg spawn a shell for me were i can edit the file to get the new and better settings while leaving e.g. my debugging settings intact… i exit the shell, dpkg asks again and i verify with diffing again if i did all what i wanted and either repeat to edit again or kepp my file and let dpkg proceed.
The force is with you, so use it! Wink

_________________
MfG. DonKult
"I never make stupid mistakes. Only very, very clever ones." ~ The Doctor
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
spacepenguinOffline
Post subject:   PostPosted: 05.12.2010, 16:41



Joined: 2010-09-11
Posts: 98
Location: Germany
Status: Offline
After looking at the maintainer's version I also decided to use that one and put my modifications into /etc/sudoers.d/ as suggested in the maintainer's sudoers file.

I just wonder what is the difference between the former "root ALL=(ALL) ALL" and the new "root ALL=(ALL:ALL) ALL"? And why "Defaults timestamp_timeout=0" was removed and what's the consequence.

_________________
Susan | Hardware: SysProfile | 32bit
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
JackieBrownOffline
Post subject:   PostPosted: 07.12.2010, 19:11



Joined: 2010-09-14
Posts: 3
Location: San Antonio
Status: Offline
That is what I did as well so that I would be less like to run into this again.

If the Debian folks go to the trouble of suggesting where I should put a config, I try to pay attention.

I was wondering about the difference but I just copied the new syntax
 
 View user's profile Send private message  
Reply with quote Back to top
ikeinthaiOffline
Post subject: sudo, what is it good for?  PostPosted: 08.12.2010, 03:41



Joined: 2010-09-22
Posts: 119
Location: bigannastybkk
Status: Offline
i thought we didn't sudo in aptosid, only sux.

http://manual.aptosid.com/en/term-konsole-en.htm#sudo:

      Quote:
sudo is not supported

sudo is not enabled by default on installation to hard disk. It is available for use on a live-ISO since no root password is preset. The reasoning behind this is so that if an attacker gets hold of the users password, they do not immediately get full super-user priviledges and make potentially damaging changes to your system.

Another issue with sudo is that it leads to running a root application with a users configuration, which may override or change permissions. In some cases, this can subsequently make an application unusable for the user. Use sux, kdesu, gksu or su-to-root -X -c as recommended!


but i too am curious what the different effect is btwn pkg maintainer's version and what i had.

i looked at the diff but it means nothing to me. since i re-disabled sudo maybe it means nothing to anyone 8S

ike.

ps i can sympathize with the op putting this in upgrade WARNINGS. many of us (most of us? some of us? well, me anyway!) these questions that come up during a dist-upgrade, whether i do a diff or not, i have NO IDEA what effect my choices will have. it brings to mind a Monty Python movie with a knight trying to cross a bridge and a troll asking questions. the wrong answer and. . . AHHHRGH. ripped into shreds and fed to the rabbits.

_________________
aptosid: magic in action, the point of the spear. bleedin pearls before swine? lets hope not. freesoftware/freedomsoftware=a chance at freedom. participants, engage your vehicle. . . avatar by zenren
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
DonKultOffline
Post subject: Re: sudo, what is it good for?  PostPosted: 08.12.2010, 11:34
Team Member


Joined: 2010-09-02
Posts: 482

Status: Offline
      ikeinthai wrote:
ps i can sympathize with the op putting this in upgrade WARNINGS. many of us (most of us? some of us? well, me anyway!) these questions that come up during a dist-upgrade, whether i do a diff or not, i have NO IDEA what effect my choices will have. it brings to mind a Monty Python movie with a knight trying to cross a bridge and a troll asking questions. the wrong answer and. . . AHHHRGH. ripped into shreds and fed to the rabbits.


Its pretty easy actually: Do you remember editing the file? No? -> Good candidate for replacing by maintainer version (they know what they do in general) Yes? Why? A Workaround? -> look at the diff, maybe its now included. Permanent setting? -> using your old will properly be okay, but look at the changes in the maintainer file. Also, try to watch for config file fragment directories (ending in .d). More and more software supports these to simplify the life of users…
You are helpless? -> Ask, here or IRC, very few people got killed for asking a question here. Wink That is btw the punshline in the sketch above: The heros could pass the brigde by tricking the guard into giving a wrong answer by asking a question.

Maybe, it will need some time until you find the holy grenade (= a solution to your problem) here in case you use some obscure or unsupported software, but you can at least try…

For the record: I haven't sudo installed - su is more than enough for me Smile

_________________
MfG. DonKult
"I never make stupid mistakes. Only very, very clever ones." ~ The Doctor
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
poulpillusionOffline
Post subject: RE: Re: sudo, what is it good for?  PostPosted: 08.12.2010, 23:24



Joined: 2010-10-12
Posts: 6

Status: Offline
While I agree I did a mistake, I hope this warning, if not being an "upgrade warning", helped someone not to loose root access Wink
 
 View user's profile Send private message  
Reply with quote Back to top
broweOffline
Post subject: RE: Re: sudo, what is it good for?  PostPosted: 09.12.2010, 04:04



Joined: 2010-09-12
Posts: 152
Location: Canada
Status: Offline
For those who kept the old sudoers file, here's a copy of the new one, notice the sudoers.d and sudo group options:

      Code:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

#includedir /etc/sudoers.d


and in /etc/sudoers.d place the new sudoers file (chmod the file to 0440)

example:

      Code:

echo 'username    ALL=(ALL) ALL' >> /etc/sudoers.d/sudoers
chmod 0440 /etc/sudoers.d/sudoers
 
 View user's profile Send private message  
Reply with quote Back to top
ikeinthaiOffline
Post subject: holy grenades... is what i seek!  PostPosted: 09.12.2010, 07:18



Joined: 2010-09-22
Posts: 119
Location: bigannastybkk
Status: Offline
@ DonKult: thank you for your (as always) kind and informative reply.

ike.

_________________
aptosid: magic in action, the point of the spear. bleedin pearls before swine? lets hope not. freesoftware/freedomsoftware=a chance at freedom. participants, engage your vehicle. . . avatar by zenren
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT - 12 Hours
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Powered by Zafenio