Debian Bug report logs - #605130
sudo: unowned files after purge (policy 6.8)

version graph

Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo.

Reported by: Holger Levsen <holger@layer-acht.org>

Date: Sat, 27 Nov 2010 17:30:04 UTC

Severity: important

Found in version sudo/1.7.4p4-4

Fixed in version sudo/1.7.4p4-5

Done: Bdale Garbee <bdale@gag.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#605130; Package sudo. (Sat, 27 Nov 2010 17:30:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
New Bug report received and forwarded. Copy sent to Bdale Garbee <bdale@gag.com>. (Sat, 27 Nov 2010 17:30:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: submit@bugs.debian.org
Subject: sudo: unowned files after purge (policy 6.8)
Date: Sat, 27 Nov 2010 18:27:57 +0100
[Message part 1 (text/plain, inline)]
Package: sudo
Version: 1.7.4p4-4
Severity: important
User: debian-qa@lists.debian.org
Usertags: piuparts piuparts.d.o

Hi, 

during a test with piuparts I noticed your package left unowned files on the 
system after purge, which is a violation of policy 6.8:

http://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-removedetails

Filing this as important as having a piuparts clean archive is a release goal 
since lenny.

From the attached log (scroll to the bottom...):

0m18.1s ERROR: FAIL: Package purging left files on system:
  /etc/sudoers	 not owned


cheers,
	Holger
[sudo_1.7.4p4-4.log (text/x-log, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#605130; Package sudo. (Sat, 27 Nov 2010 17:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Bdale Garbee <bdale@gag.com>. (Sat, 27 Nov 2010 17:39:07 GMT) Full text and rfc822 format available.

Message #10 received at 605130@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: 605130@bugs.debian.org
Subject: Re: Bug#605130: Acknowledgement (sudo: unowned files after purge (policy 6.8))
Date: Sat, 27 Nov 2010 18:36:13 +0100
[Message part 1 (text/plain, inline)]
sudo-ldap is also affected.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#605130; Package sudo. (Sat, 27 Nov 2010 19:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bdale Garbee <bdale@gag.com>:
Extra info received and forwarded to list. (Sat, 27 Nov 2010 19:57:05 GMT) Full text and rfc822 format available.

Message #15 received at 605130@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: Holger Levsen <holger@layer-acht.org>, 605130@bugs.debian.org
Subject: Re: Bug#605130: sudo: unowned files after purge (policy 6.8)
Date: Sat, 27 Nov 2010 12:52:44 -0700
[Message part 1 (text/plain, inline)]
On Sat, 27 Nov 2010 18:27:57 +0100, Holger Levsen <holger@layer-acht.org> wrote:
> Filing this as important as having a piuparts clean archive is a release goal 
> since lenny.

> 0m18.1s ERROR: FAIL: Package purging left files on system:
>   /etc/sudoers	 not owned

This will not be fixed any time soon.  It's a conscious design decision
to "working around" the fact that we have to have distinct sudo and
sudo-ldap packages to make everyone happy, and don't want to lose the
contents of /etc/sudoers when a user decides to switch between the two.

I'm open to interesting suggestions (particularly if they come with
working patches), but the current situation was the best I could come up
with the last time I reviewed the alternatives.

Bdale
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#605130; Package sudo. (Sat, 27 Nov 2010 22:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Bdale Garbee <bdale@gag.com>. (Sat, 27 Nov 2010 22:03:03 GMT) Full text and rfc822 format available.

Message #20 received at 605130@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: 605130@bugs.debian.org
Subject: Re: Bug#605130: sudo: unowned files after purge (policy 6.8)
Date: Sat, 27 Nov 2010 22:58:14 +0100
[Message part 1 (text/plain, inline)]
reassign 605130 piuparts
tags 605130 + pending
thanks

Hi Bdale,

On Samstag, 27. November 2010, Bdale Garbee wrote:
> This will not be fixed any time soon.  It's a conscious design decision
> to "working around" the fact that we have to have distinct sudo and
> sudo-ldap packages to make everyone happy, and don't want to lose the
> contents of /etc/sudoers when a user decides to switch between the two.

Ok, this makes sense. I will tell piuparts to ignore /etc/sudoers from now on.

Or wait, I wont. Removed control@ from to: on purpose, see below

> I'm open to interesting suggestions (particularly if they come with
> working patches), but the current situation was the best I could come up
> with the last time I reviewed the alternatives.

The use case you described will continue to work: if you have sudo installed 
and install sudo-ldap, /etc/sudoers can be handled like it has been handled.

But in the case of purge, I think /etc/sudoers should be removed, as this is 
what purge is supposed to do.


cheers,
	Holger

BTW: sudo is one of the 6 packages (out of almost 30k) I finally treat 
specially on piuparts.d.o. I now run 'yes "yes" | passwd' in all piuparts 
tests, so sudo and sudo dependend packages can be tested :) 
The other exceptions are upstart, file-rc (both remove essential packages), 
apt-listbugs (which will stop upgrades if RC bugs are present) and 
ltsp-client-core and fai-nfsroot (which both rightfully refuse to install in 
non suited environments).

IOW: I'm already treating sudo very specially but I see no reason (yet) to 
excempt it from purging files on purge. Or?
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#605130; Package sudo. (Wed, 01 Dec 2010 21:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bdale Garbee <bdale@gag.com>:
Extra info received and forwarded to list. (Wed, 01 Dec 2010 21:09:03 GMT) Full text and rfc822 format available.

Message #25 received at 605130@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: Holger Levsen <holger@layer-acht.org>, 605130@bugs.debian.org
Subject: Re: Bug#605130: sudo: unowned files after purge (policy 6.8)
Date: Wed, 01 Dec 2010 14:07:24 -0700
[Message part 1 (text/plain, inline)]
On Sat, 27 Nov 2010 22:58:14 +0100, Holger Levsen <holger@layer-acht.org> wrote:
> Or wait, I wont. Removed control@ from to: on purpose, see below
> 
> > I'm open to interesting suggestions (particularly if they come with
> > working patches), but the current situation was the best I could come up
> > with the last time I reviewed the alternatives.
> 
> The use case you described will continue to work: if you have sudo installed 
> and install sudo-ldap, /etc/sudoers can be handled like it has been handled.
> 
> But in the case of purge, I think /etc/sudoers should be removed, as this is 
> what purge is supposed to do.

After thinking about this some more, the real problem is just that
sudoers was not treated as a conffile.  The big thing that's changed
since the last time I considered making it one is that we now include
support for local config fragments in /etc/sudoers.d, such that it
really should be possible for /etc/sudoers to be unmodified on most
systems.  Thus, moving it to being a normal conffile now makes sense to
me. 

I'll make the change for the next upload.

Bdale
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Bdale Garbee <bdale@gag.com>:
Bug#605130; Package sudo. (Thu, 02 Dec 2010 00:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
Extra info received and forwarded to list. Copy sent to Bdale Garbee <bdale@gag.com>. (Thu, 02 Dec 2010 00:39:04 GMT) Full text and rfc822 format available.

Message #30 received at 605130@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: 605130@bugs.debian.org
Subject: Re: Bug#605130: sudo: unowned files after purge (policy 6.8)
Date: Thu, 2 Dec 2010 01:36:15 +0100
[Message part 1 (text/plain, inline)]
Hi Bdale,

On Mittwoch, 1. Dezember 2010, Bdale Garbee wrote:
> After thinking about this some more, the real problem is just that
> sudoers was not treated as a conffile.

Ah! +heh, right :)

> I'll make the change for the next upload.

FWIW, I'm happy about this and probably dont wanna see this in squeeze... for 
reasons you know too well!


cheers,
	Holger
[signature.asc (application/pgp-signature, inline)]

Added tag(s) pending. Request was from bdale@gag.com (Bdale Garbee) to control@bugs.debian.org. (Thu, 02 Dec 2010 02:39:09 GMT) Full text and rfc822 format available.

Reply sent to Bdale Garbee <bdale@gag.com>:
You have taken responsibility. (Thu, 02 Dec 2010 03:51:08 GMT) Full text and rfc822 format available.

Notification sent to Holger Levsen <holger@layer-acht.org>:
Bug acknowledged by developer. (Thu, 02 Dec 2010 03:51:08 GMT) Full text and rfc822 format available.

Message #37 received at 605130-close@bugs.debian.org (full text, mbox):

From: Bdale Garbee <bdale@gag.com>
To: 605130-close@bugs.debian.org
Subject: Bug#605130: fixed in sudo 1.7.4p4-5
Date: Thu, 02 Dec 2010 03:47:08 +0000
Source: sudo
Source-Version: 1.7.4p4-5

We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:

sudo-ldap_1.7.4p4-5_i386.deb
  to main/s/sudo/sudo-ldap_1.7.4p4-5_i386.deb
sudo_1.7.4p4-5.debian.tar.gz
  to main/s/sudo/sudo_1.7.4p4-5.debian.tar.gz
sudo_1.7.4p4-5.dsc
  to main/s/sudo/sudo_1.7.4p4-5.dsc
sudo_1.7.4p4-5_i386.deb
  to main/s/sudo/sudo_1.7.4p4-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 605130@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <bdale@gag.com> (supplier of updated sudo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Dec 2010 20:32:31 -0700
Source: sudo
Binary: sudo sudo-ldap
Architecture: source i386
Version: 1.7.4p4-5
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Bdale Garbee <bdale@gag.com>
Description: 
 sudo       - Provide limited super user privileges to specific users
 sudo-ldap  - Provide limited super user privileges to specific users
Closes: 602699 604619 605130 605580
Changes: 
 sudo (1.7.4p4-5) unstable; urgency=low
 .
   * patch from Jakub Wilk to add noopt and nostrip build option support,
     closes: #605580
   * make sudoers a conffile, closes: #605130
   * add descriptions to LSB init headers, closes: #604619
   * change default sudoers %sudo entry to allow gid changes, closes: #602699
   * add Vcs entries to the control file
   * use debhelper install files instead of explicit installs in rules
Checksums-Sha1: 
 7c4c118fc9814f4e65fe099e90ef34c25df87009 1755 sudo_1.7.4p4-5.dsc
 a9fb7d85c4f424bf9b5a47f31d9a62dff92ddcbb 22715 sudo_1.7.4p4-5.debian.tar.gz
 0748ac88b35f39f5da18e3075ecd9713c5abba5e 400298 sudo_1.7.4p4-5_i386.deb
 5787af8389b3fe24fbe80e639cbf5554f8dd7d7d 425406 sudo-ldap_1.7.4p4-5_i386.deb
Checksums-Sha256: 
 7b1ca8cdaaca435b1bbc1af133ebb5301f216a9263498b28e9fec7daefd5a266 1755 sudo_1.7.4p4-5.dsc
 b2a5ed96e690f0554359e62d1682c5f89318a0fe12b848dcc6f341739ed86955 22715 sudo_1.7.4p4-5.debian.tar.gz
 ba29192ec66ee850c916f031e19b2e6762ae8674eeee1560e5a14f97b255a62d 400298 sudo_1.7.4p4-5_i386.deb
 61ec99f99ac02cb8fda5c6137b77c926566910afcebd1ed03287acf524993709 425406 sudo-ldap_1.7.4p4-5_i386.deb
Files: 
 a72abbf39b0725ef46374b087798337f 1755 admin optional sudo_1.7.4p4-5.dsc
 aa95838c33ee688828e51a2e34a7d688 22715 admin optional sudo_1.7.4p4-5.debian.tar.gz
 438c57dbb94347389b0fe95dc32bd18d 400298 admin optional sudo_1.7.4p4-5_i386.deb
 0057897f77364cfa85db46afc8a2c547 425406 admin optional sudo-ldap_1.7.4p4-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTPcUOjqTYZbAldlBAQomfRAAgHcuTU1aG7KZUYS+T4oR8Sz5l9jhVKkV
BNtzpj/tSI1e9Thc9mtCcqTigsj51FxBTW9rMn18G8v/1SP2xmJn/fRywEtSCEX3
p4v2ood2T2lLewGsE7ggWlYdRza1zWSkz9UEN6wpWp/2g9yhr0VLDqh23EVUPJaB
E9G8+L8jrycRUxv8/3eLhBjuMSm2Yq430dj6qsRKpm+NOnhHR7oYfrzUxQm8liQe
Ry7n5+4wrGXJB8+C1NY2nlZTxscIpa9QO1hbRny8/iO27DdMc/G7oXZInVgFfX6u
3Rw9tPq+OFqEcdg4byEFjlBFce5g5sE6RUAY44Ct9wmT7S9p/edNEm9hEfABE0It
2NJBR15bb4iVVht1YZnbOB1zg9v+OO/AJPL+3klLyc9YwpmtcxRQmAJzMyC4YrUr
AOK+pEJszj7wc67v4XTCf+ehePg4uMNj1iXtG6ECodC4H8Ev4m+df1QwaOQFfoeU
ZzscmLuD3uZ/Ti9ifNHLcYfEfaO86x3rBVL87zwwNsUILzE7wtkRyzo7YaplKufL
onqFKX5PXJyb8AeGnZT0cuJC5/bamXqS+HR88RfE/ke3NWSMgljo506D7XBIMMuh
RYxBE8mPtH29IexWBBubmPJ6wMO8QLgZYL5BT6NHy0oQIXQo5FWtH1CAF1NuOmV2
yA5FH5qfBy0=
=r/pw
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 Jan 2011 07:33:27 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 00:14:16 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.