Debian Bug report logs - #697490
cloud.debian.org: use /etc/sudoers.d.

Package: cloud.debian.org; Maintainer for cloud.debian.org is Debian Cloud Team <debian-cloud@lists.debian.org>;

Reported by: Charles Plessy <plessy@debian.org>

Date: Sun, 6 Jan 2013 03:33:04 UTC

Severity: minor

Tags: pending

Forwarded to https://github.com/andsens/ec2debian-build-ami/issues/43

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 03:33:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 03:33:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: submit@bugs.debian.org
Subject: Passwordless sudo without modifying /etc/sudoers ?
Date: Sun, 6 Jan 2013 12:32:04 +0900
Package: cloud.debian.org
Severity: minor

Hello everybody,

while updating from Squeeze to Wheezy an image created by ec2debian-build-ami,
I was interrupted by dpkg to manage the update of /etc/sudoers as it was
locally modified by ec2debian-build-ami to add the following line:

admin	ALL=(ALL) NOPASSWD: ALL

At first I thought that it could be simplified by simply adding the admin user
to the sudoer group, however this does not work as the admin user does not have
a password, and by default, sudo will ask for one to the members of the sudo
group:

%sudo	ALL=(ALL:ALL) ALL

However, I note that in Ubuntu, a password is not asked, despite that the
configuration is very similar (using the group admin instead of sudo).

%admin ALL=(ALL) ALL

Does anybody know how to allow passwordless access to the members of the sudo
group without modifying /etc/sudoers ?  This would simplify the interactive
upgrades of our virtual machines.

Have a nice Sunday,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 04:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Chris Fordham" <chris.fordham@rightscale.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 04:18:03 GMT) Full text and rfc822 format available.

Message #10 received at submit@bugs.debian.org (full text, mbox):

From: "Chris Fordham" <chris.fordham@rightscale.com>
To: submit@bugs.debian.org, "Charles Plessy" <plessy@debian.org>, 697490@bugs.debian.org
Subject: Re: Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
Date: Sun, 06 Jan 2013 15:14:45 +1100
On Sun, 06 Jan 2013 14:32:04 +1100, Charles Plessy <plessy@debian.org>  
wrote:

> Package: cloud.debian.org
> Severity: minor
>
> Hello everybody,
>
> while updating from Squeeze to Wheezy an image created by  
> ec2debian-build-ami,
> I was interrupted by dpkg to manage the update of /etc/sudoers as it was
> locally modified by ec2debian-build-ami to add the following line:
>
> admin	ALL=(ALL) NOPASSWD: ALL
>
> At first I thought that it could be simplified by simply adding the  
> admin user
> to the sudoer group, however this does not work as the admin user does  
> not have
> a password, and by default, sudo will ask for one to the members of the  
> sudo
> group:
>
> %sudo	ALL=(ALL:ALL) ALL
>
> However, I note that in Ubuntu, a password is not asked, despite that the
> configuration is very similar (using the group admin instead of sudo).
>
> %admin ALL=(ALL) ALL
>
> Does anybody know how to allow passwordless access to the members of the  
> sudo
> group without modifying /etc/sudoers ?  This would simplify the  
> interactive
> upgrades of our virtual machines.
Afaik, this is what /etc/sudoers is for and should be edited by visudo, at  
least for interactive (SUDOERS(5)).
For automation of this configuration I like using Chef and the sudo  
cookbook, http://community.opscode.com/cookbooks/sudo. I am not sure why  
you are looking for another way without editing /etc/sudoers.

> Have a nice Sunday,
>


-- 

Chris Fordham

Backline Support Engineer
RightScale Technical Services


Direct: +1 805 243 0252

Cell: +61 423 003 417

Skype: chris.fordham.rs

Email: chris.fordham@rightscale.com







Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 04:18:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Chris Fordham" <chris.fordham@rightscale.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 04:18:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 04:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Wise <pabs@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 04:51:03 GMT) Full text and rfc822 format available.

Message #20 received at 697490@bugs.debian.org (full text, mbox):

From: Paul Wise <pabs@debian.org>
To: 697490@bugs.debian.org, Charles Plessy <plessy@debian.org>
Subject: cloud: 697490: use sudoers.d
Date: Sun, 06 Jan 2013 12:49:17 +0800
[Message part 1 (text/plain, inline)]
There is the /etc/sudoers.d directory in recent Debian versions:

pabs@chianamo ~ $ sudo cat /etc/sudoers.d/README 
#
# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
# installation of the package now includes the directive:
# 
# 	#includedir /etc/sudoers.d
# 
# This will cause sudo to read and parse any files in the /etc/sudoers.d 
# directory that do not end in '~' or contain a '.' character.
# 
# Note that there must be at least one file in the sudoers.d directory (this
# one will do), and all files in this directory should be mode 0440.
# 
# Note also, that because sudoers contents can vary widely, no attempt is 
# made to add this directive to existing sudoers files on upgrade.  Feel free
# to add the above directive to the end of your /etc/sudoers file to enable 
# this functionality for existing installations if you wish!
#
# Finally, please note that using the visudo command is the recommended way
# to update sudoers content, since it protects against many failure modes.
# See the man page for visudo for more information.
#
pabs@chianamo ~ $ sudo tail -n3 /etc/sudoers
# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 04:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Chris Fordham" <chris.fordham@rightscale.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 04:57:05 GMT) Full text and rfc822 format available.

Message #25 received at 697490@bugs.debian.org (full text, mbox):

From: "Chris Fordham" <chris.fordham@rightscale.com>
To: 697490@bugs.debian.org, "Charles Plessy" <plessy@debian.org>, "Paul Wise" <pabs@debian.org>
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 06 Jan 2013 15:52:46 +1100
On Sun, 06 Jan 2013 15:49:17 +1100, Paul Wise <pabs@debian.org> wrote:

> There is the /etc/sudoers.d directory in recent Debian versions:
>
> pabs@chianamo ~ $ sudo cat /etc/sudoers.d/README
> #
> # As of Debian version 1.7.2p1-1, the default /etc/sudoers file created  
> on
> # installation of the package now includes the directive:
> #
> # 	#includedir /etc/sudoers.d
> #
> # This will cause sudo to read and parse any files in the /etc/sudoers.d
> # directory that do not end in '~' or contain a '.' character.
> #
> # Note that there must be at least one file in the sudoers.d directory  
> (this
> # one will do), and all files in this directory should be mode 0440.
> #
> # Note also, that because sudoers contents can vary widely, no attempt is
> # made to add this directive to existing sudoers files on upgrade.  Feel  
> free
> # to add the above directive to the end of your /etc/sudoers file to  
> enable
> # this functionality for existing installations if you wish!
> #
> # Finally, please note that using the visudo command is the recommended  
> way
> # to update sudoers content, since it protects against many failure  
> modes.
> # See the man page for visudo for more information.
> #
> pabs@chianamo ~ $ sudo tail -n3 /etc/sudoers
> # See sudoers(5) for more information on "#include" directives:
>
> #includedir /etc/sudoers.d
>
Either way, basically root is needed, so I am wondering what Charles' use  
case is here..

-- 

Chris Fordham

Backline Support Engineer
RightScale Technical Services


Direct: +1 805 243 0252

Cell: +61 423 003 417

Skype: chris.fordham.rs

Email: chris.fordham@rightscale.com







Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 07:12:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 07:12:06 GMT) Full text and rfc822 format available.

Message #30 received at 697490@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 6 Jan 2013 16:09:49 +0900
user cloud.debian.org@packages.debian.org
usertags 697490 image
retitle 697490 cloud.debian.org: use /etc/sudoers.d.
quit

> On Sun, 06 Jan 2013 15:49:17 +1100, Paul Wise <pabs@debian.org> wrote:
> 
> >There is the /etc/sudoers.d directory in recent Debian versions:

Le Sun, Jan 06, 2013 at 03:52:46PM +1100, Chris Fordham a écrit :
> 
> Either way, basically root is needed, so I am wondering what
> Charles' use case is here..

The problem I would like to solve is dpkg interrupting upgrades when
/etc/sudoers is updated, because the file used in Debian's images is modified.
Using sudoers.d is indeed the good solution, that I overlooked when inspecting
the Ubuntu image.

root@ip-10-148-5-107:/etc# cat sudoers.d/90-cloudimg-ubuntu 
# ubuntu user is default user in cloud-images.
# It needs passwordless sudo functionality.
ubuntu ALL=(ALL) NOPASSWD:ALL

Cheers,

-- 
Charles



Changed Bug title to 'cloud.debian.org: use /etc/sudoers.d.' from 'Passwordless sudo without modifying /etc/sudoers ?' Request was from Charles Plessy <plessy@debian.org> to control@bugs.debian.org. (Sun, 06 Jan 2013 07:12:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 07:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Chris Fordham" <chris.fordham@rightscale.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 07:33:03 GMT) Full text and rfc822 format available.

Message #37 received at 697490@bugs.debian.org (full text, mbox):

From: "Chris Fordham" <chris.fordham@rightscale.com>
To: 697490@bugs.debian.org, "Charles Plessy" <plessy@debian.org>
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 06 Jan 2013 18:24:31 +1100
On Sun, 06 Jan 2013 18:09:49 +1100, Charles Plessy <plessy@debian.org>  
wrote:

> user cloud.debian.org@packages.debian.org
> usertags 697490 image
> retitle 697490 cloud.debian.org: use /etc/sudoers.d.
> quit
>
>> On Sun, 06 Jan 2013 15:49:17 +1100, Paul Wise <pabs@debian.org> wrote:
>>
>> >There is the /etc/sudoers.d directory in recent Debian versions:
>
> Le Sun, Jan 06, 2013 at 03:52:46PM +1100, Chris Fordham a écrit :
>>
>> Either way, basically root is needed, so I am wondering what
>> Charles' use case is here..
>
> The problem I would like to solve is dpkg interrupting upgrades when
> /etc/sudoers is updated, because the file used in Debian's images is  
> modified.
> Using sudoers.d is indeed the good solution, that I overlooked when  
> inspecting
> the Ubuntu image.
>
> root@ip-10-148-5-107:/etc# cat sudoers.d/90-cloudimg-ubuntu
> # ubuntu user is default user in cloud-images.
> # It needs passwordless sudo functionality.
> ubuntu ALL=(ALL) NOPASSWD:ALL
Not sure what you mean by 'interrupting' but I don't see how this is a bug  
and its for Ubuntu images not Debian all the same. The original mail was  
to allow the group sudo, not ubuntu too.
For non-human upgrades to the sudo package, how the debian maintainer  
scripts manage /etc/sudoers should be checked out when using  
DEBIAN_FRONTEND=noninteractive as this file is not provided physically in  
the package itself, http://packages.debian.org/squeeze/amd64/sudo/filelist

Glad you found a solution :)

> Cheers,
>


-- 

Chris Fordham

Backline Support Engineer
RightScale Technical Services


Direct: +1 805 243 0252

Cell: +61 423 003 417

Skype: chris.fordham.rs

Email: chris.fordham@rightscale.com







Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 07:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Trotter <ultrotter@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 07:57:03 GMT) Full text and rfc822 format available.

Message #42 received at 697490@bugs.debian.org (full text, mbox):

From: Guido Trotter <ultrotter@gmail.com>
To: Chris Fordham <chris.fordham@rightscale.com>, 697490@bugs.debian.org
Subject: Re: Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
Date: Sun, 6 Jan 2013 08:55:47 +0100
Note that debian's default sudo (at least in wheezy, I haven't checked
squeeze now) includes files /etc/suders.d/
So dropping a file with the additional line you need there is a way to
add sudo rules without modifying /etc/sudoers.

Thanks,
Guido

On Sun, Jan 6, 2013 at 5:14 AM, Chris Fordham
<chris.fordham@rightscale.com> wrote:
> On Sun, 06 Jan 2013 14:32:04 +1100, Charles Plessy <plessy@debian.org>
> wrote:
>
>> Package: cloud.debian.org
>> Severity: minor
>>
>> Hello everybody,
>>
>> while updating from Squeeze to Wheezy an image created by
>> ec2debian-build-ami,
>> I was interrupted by dpkg to manage the update of /etc/sudoers as it was
>> locally modified by ec2debian-build-ami to add the following line:
>>
>> admin   ALL=(ALL) NOPASSWD: ALL
>>
>> At first I thought that it could be simplified by simply adding the admin
>> user
>> to the sudoer group, however this does not work as the admin user does not
>> have
>> a password, and by default, sudo will ask for one to the members of the
>> sudo
>> group:
>>
>> %sudo   ALL=(ALL:ALL) ALL
>>
>> However, I note that in Ubuntu, a password is not asked, despite that the
>> configuration is very similar (using the group admin instead of sudo).
>>
>> %admin ALL=(ALL) ALL
>>
>> Does anybody know how to allow passwordless access to the members of the
>> sudo
>> group without modifying /etc/sudoers ?  This would simplify the
>> interactive
>> upgrades of our virtual machines.
>
> Afaik, this is what /etc/sudoers is for and should be edited by visudo, at
> least for interactive (SUDOERS(5)).
> For automation of this configuration I like using Chef and the sudo
> cookbook, http://community.opscode.com/cookbooks/sudo. I am not sure why you
> are looking for another way without editing /etc/sudoers.
>
>
>> Have a nice Sunday,
>>
>
>
> --
>
> Chris Fordham
>
> Backline Support Engineer
> RightScale Technical Services
>
>
> Direct: +1 805 243 0252
>
> Cell: +61 423 003 417
>
> Skype: chris.fordham.rs
>
> Email: chris.fordham@rightscale.com
>
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: http://lists.debian.org/op.wqg12vh927hw59@lister.dev.xhost.net.au
>



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 08:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 08:57:03 GMT) Full text and rfc822 format available.

Message #47 received at 697490@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 6 Jan 2013 17:53:09 +0900
Le Sun, Jan 06, 2013 at 06:24:31PM +1100, Chris Fordham a écrit :
> >
> Not sure what you mean by 'interrupting'

I mean the following:

Setting up sudo (1.8.5p2-1) ...
Installing new version of config file /etc/init.d/sudo ...

	Configuration file `/etc/sudoers'
	 ==> File on system created by you or by a script.
	 ==> File also in package provided by package maintainer.
	   What would you like to do about it ?  Your options are:
	    Y or I  : install the package maintainer's version
	    N or O  : keep your currently-installed version
	      D     : show the differences between the versions
	      Z     : start a shell to examine the situation
	 The default action is to keep your current version.
	*** sudoers (Y/I/N/O/D/Z) [default=N] ? 

This message will be prevented by having "admin  ALL=(ALL) NOPASSWD: ALL"
in a file in /etc/sudoers.d instead of adding this line to /etc/sudoers.

The only other interruption is the following debconf question from libc6:

	Restart services during package upgrades without asking?

I wonder if it would make sense to preseed it ?

-- 
Charles



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 09:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Chris Fordham" <chris.fordham@rightscale.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 09:03:03 GMT) Full text and rfc822 format available.

Message #52 received at 697490@bugs.debian.org (full text, mbox):

From: "Chris Fordham" <chris.fordham@rightscale.com>
To: 697490@bugs.debian.org, "Charles Plessy" <plessy@debian.org>
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 06 Jan 2013 19:58:25 +1100
On Sun, 06 Jan 2013 19:53:09 +1100, Charles Plessy <plessy@debian.org>  
wrote:

> Le Sun, Jan 06, 2013 at 06:24:31PM +1100, Chris Fordham a écrit :
>> >
>> Not sure what you mean by 'interrupting'
>
> I mean the following:
>
> Setting up sudo (1.8.5p2-1) ...
> Installing new version of config file /etc/init.d/sudo ...
>
> 	Configuration file `/etc/sudoers'
> 	 ==> File on system created by you or by a script.
> 	 ==> File also in package provided by package maintainer.
> 	   What would you like to do about it ?  Your options are:
> 	    Y or I  : install the package maintainer's version
> 	    N or O  : keep your currently-installed version
> 	      D     : show the differences between the versions
> 	      Z     : start a shell to examine the situation
> 	 The default action is to keep your current version.
> 	*** sudoers (Y/I/N/O/D/Z) [default=N] ?
>
> This message will be prevented by having "admin  ALL=(ALL) NOPASSWD: ALL"
> in a file in /etc/sudoers.d instead of adding this line to /etc/sudoers.
>
> The only other interruption is the following debconf question from libc6:
>
> 	Restart services during package upgrades without asking?
>
> I wonder if it would make sense to preseed it ?
>
Did you test that with setting DEBIAN_FRONTEND=noninteractive first ?

-- 

Chris Fordham

Backline Support Engineer
RightScale Technical Services


Direct: +1 805 243 0252

Cell: +61 423 003 417

Skype: chris.fordham.rs

Email: chris.fordham@rightscale.com







Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 09:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 09:21:03 GMT) Full text and rfc822 format available.

Message #57 received at 697490@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 6 Jan 2013 18:16:22 +0900
forwarded 697490 https://github.com/andsens/ec2debian-build-ami/issues/43
quit

Le Sun, Jan 06, 2013 at 07:58:25PM +1100, Chris Fordham a écrit :
> >
> Did you test that with setting DEBIAN_FRONTEND=noninteractive first ?

No, I am running the upgrade interactively, and I would like to be able to
answer relevant questions if any.  Therefore, if it is possible to have good
defaults that remove the need for some of the existing questions, it will leave
more time and focus for the remaining ones.

I have forwarded my suggestion on GitHub's page for ec2debian-build-ami.  Let's
see Anders' response.

Cheers,

-- 
Charles



Set Bug forwarded-to-address to 'https://github.com/andsens/ec2debian-build-ami/issues/43'. Request was from Charles Plessy <plessy@debian.org> to control@bugs.debian.org. (Sun, 06 Jan 2013 09:21:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 11:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Anders Ingemann <anders@ingemann.de>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 11:03:04 GMT) Full text and rfc822 format available.

Message #64 received at 697490@bugs.debian.org (full text, mbox):

From: Anders Ingemann <anders@ingemann.de>
To: Charles Plessy <plessy@debian.org>, 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 6 Jan 2013 11:58:51 +0100
You are right, sudoers.d should be used, this would also fix the
problem with wheezy, where my sed command does not work, because the
layout of the file has changed.

Anders


On 6 January 2013 10:16, Charles Plessy <plessy@debian.org> wrote:
> forwarded 697490 https://github.com/andsens/ec2debian-build-ami/issues/43
> quit
>
> Le Sun, Jan 06, 2013 at 07:58:25PM +1100, Chris Fordham a écrit :
>> >
>> Did you test that with setting DEBIAN_FRONTEND=noninteractive first ?
>
> No, I am running the upgrade interactively, and I would like to be able to
> answer relevant questions if any.  Therefore, if it is possible to have good
> defaults that remove the need for some of the existing questions, it will leave
> more time and focus for the remaining ones.
>
> I have forwarded my suggestion on GitHub's page for ec2debian-build-ami.  Let's
> see Anders' response.
>
> Cheers,
>
> --
> Charles
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20130106091622.GC13912@falafel.plessy.net
>



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 14:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 14:30:05 GMT) Full text and rfc822 format available.

Message #69 received at 697490@bugs.debian.org (full text, mbox):

From: Thomas Goirand <zigo@debian.org>
To: 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 06 Jan 2013 22:27:59 +0800
On 01/06/2013 04:53 PM, Charles Plessy wrote:
> I wonder if it would make sense to preseed it ?
IMO, it would. It's a sane default.

> Did you test that with setting DEBIAN_FRONTEND=noninteractive first ?

This is a totally different topic.

Thomas




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 16:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ian Campbell <ijc@hellion.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 16:03:06 GMT) Full text and rfc822 format available.

Message #74 received at 697490@bugs.debian.org (full text, mbox):

From: Ian Campbell <ijc@hellion.org.uk>
To: Charles Plessy <plessy@debian.org>, 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 06 Jan 2013 16:00:07 +0000
[Message part 1 (text/plain, inline)]
On Sun, 2013-01-06 at 17:53 +0900, Charles Plessy wrote:
> 
> The only other interruption is the following debconf question from
> libc6:
> 
>         Restart services during package upgrades without asking?
> 
> I wonder if it would make sense to preseed it ? 

This question isn't specific to the cloud images or the use of
ec2debian-build-ami, is it? IIRC you get asked the same thing with a
native system install with d-i or debootstrap created chroots.

If there is an issue with the priority of this question then that seems
like something which should be raised with the libc6 package maintainer,
not overridden/workedaround by downstream tools.

Ian.
-- 
Ian Campbell


Am I in GRADUATE SCHOOL yet?
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 17:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 17:51:06 GMT) Full text and rfc822 format available.

Message #79 received at 697490@bugs.debian.org (full text, mbox):

From: Thomas Goirand <zigo@debian.org>
To: 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Mon, 07 Jan 2013 01:48:01 +0800
On 01/07/2013 12:00 AM, Ian Campbell wrote:
> On Sun, 2013-01-06 at 17:53 +0900, Charles Plessy wrote:
>> The only other interruption is the following debconf question from
>> libc6:
>>
>>         Restart services during package upgrades without asking?
>>
>> I wonder if it would make sense to preseed it ? 
> This question isn't specific to the cloud images or the use of
> ec2debian-build-ami, is it? IIRC you get asked the same thing with a
> native system install with d-i or debootstrap created chroots.
>
> If there is an issue with the priority of this question then that seems
> like something which should be raised with the libc6 package maintainer,
> not overridden/workedaround by downstream tools.
>
> Ian.
I don't think it goes against the Debian policy to preseed stuff
if we believe it's adapted to the use case. That's what blends
are all about. I see these AMI images as a matching case.

Though this is not a strong opinion that I have, I do understand
your view.

Thomas




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 19:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Anders Ingemann <anders@ingemann.de>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 19:09:03 GMT) Full text and rfc822 format available.

Message #84 received at 697490@bugs.debian.org (full text, mbox):

From: Anders Ingemann <anders@ingemann.de>
To: Thomas Goirand <zigo@debian.org>, 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Sun, 6 Jan 2013 20:05:26 +0100
On 6 January 2013 18:48, Thomas Goirand <zigo@debian.org> wrote:
> On 01/07/2013 12:00 AM, Ian Campbell wrote:
>> On Sun, 2013-01-06 at 17:53 +0900, Charles Plessy wrote:
>>> The only other interruption is the following debconf question from
>>> libc6:
>>>
>>>         Restart services during package upgrades without asking?
>>>
>>> I wonder if it would make sense to preseed it ?
>> This question isn't specific to the cloud images or the use of
>> ec2debian-build-ami, is it? IIRC you get asked the same thing with a
>> native system install with d-i or debootstrap created chroots.
>>
>> If there is an issue with the priority of this question then that seems
>> like something which should be raised with the libc6 package maintainer,
>> not overridden/workedaround by downstream tools.
>>
>> Ian.
> I don't think it goes against the Debian policy to preseed stuff
> if we believe it's adapted to the use case. That's what blends
> are all about. I see these AMI images as a matching case.
>
> Though this is not a strong opinion that I have, I do understand
> your view.
>
> Thomas
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/50E9B8D1.2020809@debian.org
>

It's a simple fix really:
https://github.com/andsens/ec2debian-build-ami/blob/master/plugins/admin-user-tasks/create-user#L8
I will gladly accept a pull request to the master branch on github,
provided the stuff has been thoroughly tested.
Otherwise you can send it to the development branch.

But I haven't read the whole thread. There seems to be something going
on with libc6, does that belong in this thread?

Anders



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Sun, 06 Jan 2013 22:00:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Chris Fordham" <chris.fordham@rightscale.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 06 Jan 2013 22:00:08 GMT) Full text and rfc822 format available.

Message #89 received at 697490@bugs.debian.org (full text, mbox):

From: "Chris Fordham" <chris.fordham@rightscale.com>
To: "Charles Plessy" <plessy@debian.org>, 697490@bugs.debian.org, "Anders Ingemann" <anders@ingemann.de>
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Mon, 07 Jan 2013 08:55:25 +1100
On Sun, 06 Jan 2013 21:58:51 +1100, Anders Ingemann <anders@ingemann.de>  
wrote:

> You are right, sudoers.d should be used, this would also fix the
> problem with wheezy, where my sed command does not work, because the
> layout of the file has changed.
This is a good example of why template-based configuration is better used  
rather than regex/stream based editing.

> Anders
>
>
> On 6 January 2013 10:16, Charles Plessy <plessy@debian.org> wrote:
>> forwarded 697490  
>> https://github.com/andsens/ec2debian-build-ami/issues/43
>> quit
>>
>> Le Sun, Jan 06, 2013 at 07:58:25PM +1100, Chris Fordham a écrit :
>>> >
>>> Did you test that with setting DEBIAN_FRONTEND=noninteractive first ?
>>
>> No, I am running the upgrade interactively, and I would like to be able  
>> to
>> answer relevant questions if any.  Therefore, if it is possible to have  
>> good
>> defaults that remove the need for some of the existing questions, it  
>> will leave
>> more time and focus for the remaining ones.
>>
>> I have forwarded my suggestion on GitHub's page for  
>> ec2debian-build-ami.  Let's
>> see Anders' response.
>>
>> Cheers,
>>
>> --
>> Charles
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact  
>> listmaster@lists.debian.org
>> Archive:  
>> http://lists.debian.org/20130106091622.GC13912@falafel.plessy.net
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact  
> listmaster@lists.debian.org
> Archive:  
> http://lists.debian.org/CAMcOGXFqcCY04UgoT6neVtqBt3GNjk2mt7c4wsXmahQVuNR7NA@mail.gmail.com
>


-- 

Chris Fordham

Backline Support Engineer
RightScale Technical Services


Direct: +1 805 243 0252

Cell: +61 423 003 417

Skype: chris.fordham.rs

Email: chris.fordham@rightscale.com







Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Mon, 07 Jan 2013 00:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bob Proulx <bob@proulx.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Mon, 07 Jan 2013 00:15:03 GMT) Full text and rfc822 format available.

Message #94 received at 697490@bugs.debian.org (full text, mbox):

From: Bob Proulx <bob@proulx.com>
To: Charles Plessy <plessy@debian.org>, 697490@bugs.debian.org
Subject: Re: Bug#697490: Passwordless sudo without modifying /etc/sudoers ?
Date: Sun, 6 Jan 2013 17:11:45 -0700
[Message part 1 (text/plain, inline)]
Guido Trotter wrote:
> Note that debian's default sudo (at least in wheezy, I haven't checked
> squeeze now) includes files /etc/suders.d/
> So dropping a file with the additional line you need there is a way to
> add sudo rules without modifying /etc/sudoers.

Yes.  I do exactly that.  But note that order matters.  The last entry
has highest priority.  Therefore name the file such that it will sort
later than any other entry.  I use /etc/sudoers.d/zz-local-sudoers
with a "zz" prefix.

Bob
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Mon, 07 Jan 2013 00:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Anders Ingemann <anders@ingemann.de>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Mon, 07 Jan 2013 00:21:03 GMT) Full text and rfc822 format available.

Message #99 received at 697490@bugs.debian.org (full text, mbox):

From: Anders Ingemann <anders@ingemann.de>
To: Chris Fordham <chris.fordham@rightscale.com>
Cc: Charles Plessy <plessy@debian.org>, 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Mon, 7 Jan 2013 01:17:57 +0100
On 6 January 2013 22:55, Chris Fordham <chris.fordham@rightscale.com> wrote:
> This is a good example of why template-based configuration is better used
> rather than regex/stream based editing.

well. d'uh! :-P
I did not know about sudoers.d when I wrote it, otherwise I can assure
you that we wouldn't be talking about this to begin with ;-)



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Mon, 07 Jan 2013 00:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Chris Fordham" <chris.fordham@rightscale.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Mon, 07 Jan 2013 00:30:03 GMT) Full text and rfc822 format available.

Message #104 received at 697490@bugs.debian.org (full text, mbox):

From: "Chris Fordham" <chris.fordham@rightscale.com>
To: "Anders Ingemann" <anders@ingemann.de>
Cc: "Charles Plessy" <plessy@debian.org>, 697490@bugs.debian.org
Subject: Re: Bug#697490: cloud: 697490: use sudoers.d
Date: Mon, 07 Jan 2013 11:27:22 +1100
On Mon, 07 Jan 2013 11:17:57 +1100, Anders Ingemann <anders@ingemann.de>  
wrote:

> On 6 January 2013 22:55, Chris Fordham <chris.fordham@rightscale.com>  
> wrote:
>> This is a good example of why template-based configuration is better  
>> used
>> rather than regex/stream based editing.
>
> well. d'uh! :-P
> I did not know about sudoers.d when I wrote it, otherwise I can assure
> you that we wouldn't be talking about this to begin with ;-)
Can still configure /etc/sudoers by template as there may be other  
directives and comments not relevant for sudoers.d, e.g.  
https://github.com/opscode-cookbooks/sudo/blob/master/templates/default/sudoers.erb  
:)

-- 

Chris Fordham

Backline Support Engineer
RightScale Technical Services


Direct: +1 805 243 0252

Cell: +61 423 003 417

Skype: chris.fordham.rs

Email: chris.fordham@rightscale.com







Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Mon, 07 Jan 2013 04:39:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Bromberger, James" <jameseb@amazon.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Mon, 07 Jan 2013 04:39:09 GMT) Full text and rfc822 format available.

Message #109 received at 697490@bugs.debian.org (full text, mbox):

From: "Bromberger, James" <jameseb@amazon.com>
To: Anders Ingemann <anders@ingemann.de>, "697490@bugs.debian.org" <697490@bugs.debian.org>, Chris Fordham <chris.fordham@rightscale.com>
Cc: Charles Plessy <plessy@debian.org>
Subject: RE: Bug#697490: cloud: 697490: use sudoers.d
Date: Mon, 7 Jan 2013 04:34:48 +0000
This (sudoers.d) looks completely sensible to me (and indeed, I saw the same issue and realized the danger of overwriting the sudoers file accidentally removing access to the host). Perhaps time to start to get ready to re-roll the image with accrued fixes. (this one, Libc6, etc). if anyone needs access to the AWS account for resource access in order to test, please let me know.

  James
PS: If you do overwrite /etc/sudoers, then you can recover it by stopping the host (not terminate), present the root volume to another host, mounting it, edit the sudoers file, unmount, unpresent, and then start the host again. But sudoers/d may be neater. ;)



James Bromberger | Solution Architect | Amazon Web Services
E: jameseb@amazon.com 



-----Original Message-----
From: Anders Ingemann [mailto:anders@ingemann.de] 
Sent: Monday, 7 January 2013 8:18 AM
To: Chris Fordham
Cc: Charles Plessy; 697490@bugs.debian.org
Subject: Bug#697490: cloud: 697490: use sudoers.d

On 6 January 2013 22:55, Chris Fordham <chris.fordham@rightscale.com> wrote:
> This is a good example of why template-based configuration is better 
> used rather than regex/stream based editing.

well. d'uh! :-P
I did not know about sudoers.d when I wrote it, otherwise I can assure you that we wouldn't be talking about this to begin with ;-)


--
To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAMcOGXHnNZ_MgMdu_UPwMrfQRcpMfdBu7r8b5EQjaxVuMho9_w@mail.gmail.com


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#697490; Package cloud.debian.org. (Fri, 18 Jan 2013 00:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Anders Ingemann <anders@ingemann.de>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Fri, 18 Jan 2013 00:33:03 GMT) Full text and rfc822 format available.

Message #114 received at 697490@bugs.debian.org (full text, mbox):

From: Anders Ingemann <anders@ingemann.de>
To: 697490@bugs.debian.org
Subject: Fixed
Date: Fri, 18 Jan 2013 01:31:20 +0100
[Message part 1 (text/plain, inline)]
A helpful finn fixed it:
https://github.com/andsens/ec2debian-build-ami/commit/6fd56203c7f0b2df18ce4fc247a2c0d9a8ee5b6b

Anders
[Message part 2 (text/html, inline)]

Added tag(s) pending. Request was from Charles Plessy <plessy@debian.org> to control@bugs.debian.org. (Sat, 19 Jan 2013 03:36:03 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 11:33:56 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.