Debian Bug report logs - #787301
cloud.debian.org: Vagrant base box does not follow passwordless sudo recommendations

Package: cloud.debian.org; Maintainer for cloud.debian.org is Debian Cloud Team <debian-cloud@lists.debian.org>;

Reported by: Martey Dodoo <bugs.debian.org@marteydodoo.com>

Date: Sun, 31 May 2015 07:06:01 UTC

Severity: important

Tags: confirmed

Done: Emmanuel Kasper <emmanuel@libera.cc>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, bugs.debian.org@marteydodoo.com, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#787301; Package cloud.debian.org. (Sun, 31 May 2015 07:06:05 GMT) (full text, mbox, link).

Acknowledgement sent to Martey Dodoo <bugs.debian.org@marteydodoo.com>:
New Bug report received and forwarded. Copy sent to bugs.debian.org@marteydodoo.com, Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 31 May 2015 07:06:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Martey Dodoo <bugs.debian.org@marteydodoo.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cloud.debian.org: Vagrant base box does not follow passwordless sudo recommendations
Date: Sun, 31 May 2015 03:02:05 -0400
Package: cloud.debian.org
Severity: important

In Vagrant's base box recommendations at
https://docs.vagrantup.com/v2/boxes/base.html, they recommend using the
following configuration for password-less sudo:

    vagrant ALL=(ALL) NOPASSWD: ALL

However, the current Vagrant base boxes for Debian use:

    vagrant ALL=NOPASSWD:ALL

This has the side effect of making commands that use sudo with a different user
account (e.g. `sudo -u postgres psql`) ask for a password, which can cause
certain provisioning commands to fail.

Added tag(s) confirmed. Request was from Emmanuel Kasper <emmanuel@libera.cc> to control@bugs.debian.org. (Sun, 31 May 2015 08:24:19 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#787301; Package cloud.debian.org. (Sun, 31 May 2015 08:45:03 GMT) (full text, mbox, link).

Acknowledgement sent to Anders Ingemann <anders@ingemann.de>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 31 May 2015 08:45:03 GMT) (full text, mbox, link).

Message #12 received at submit@bugs.debian.org (full text, mbox, reply):

From: Anders Ingemann <anders@ingemann.de>
To: Martey Dodoo <bugs.debian.org@marteydodoo.com>, 787301@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#787301: cloud.debian.org: Vagrant base box does not follow passwordless sudo recommendations
Date: Sun, 31 May 2015 08:41:25 +0000
[Message part 1 (text/plain, inline)]
Interesting. How/when was the image generated? The vagrant plugin for
bootstrap-vz uses (ALL):
https://github.com/andsens/bootstrap-vz/blob/c94e172ea19f9e44314272deb3137d74253c9411/bootstrapvz/plugins/vagrant/tasks.py#L70

On Sun, May 31, 2015 at 9:06 AM Martey Dodoo <
bugs.debian.org@marteydodoo.com> wrote:

> Package: cloud.debian.org
> Severity: important
>
> In Vagrant's base box recommendations at
> https://docs.vagrantup.com/v2/boxes/base.html, they recommend using the
> following configuration for password-less sudo:
>
>     vagrant ALL=(ALL) NOPASSWD: ALL
>
> However, the current Vagrant base boxes for Debian use:
>
>     vagrant ALL=NOPASSWD:ALL
>
> This has the side effect of making commands that use sudo with a different
> user
> account (e.g. `sudo -u postgres psql`) ask for a password, which can cause
> certain provisioning commands to fail.
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive:
> https://lists.debian.org/20150531070205.15475.46983.reportbug@highcastle
>
>

[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#787301; Package cloud.debian.org. (Sun, 31 May 2015 08:45:08 GMT) (full text, mbox, link).

Acknowledgement sent to Anders Ingemann <anders@ingemann.de>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 31 May 2015 08:45:08 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#787301; Package cloud.debian.org. (Sun, 31 May 2015 09:00:03 GMT) (full text, mbox, link).

Acknowledgement sent to Martey Dodoo <bugs.debian.org@marteydodoo.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Sun, 31 May 2015 09:00:03 GMT) (full text, mbox, link).

Message #22 received at 787301@bugs.debian.org (full text, mbox, reply):

From: Martey Dodoo <bugs.debian.org@marteydodoo.com>
To: Anders Ingemann <anders@ingemann.de>
Cc: 787301@bugs.debian.org
Subject: Re: Bug#787301: cloud.debian.org: Vagrant base box does not follow passwordless sudo recommendations
Date: Sun, 31 May 2015 04:49:13 -0400
On Sun, May 31, 2015 at 04:41:25AM EDT, Anders Ingemann wrote:
>Interesting. How/when was the image generated? The vagrant plugin for
>bootstrap-vz uses (ALL):
>https://github.com/andsens/bootstrap-vz/blob/c94e172ea19f9e44314272deb3137d74253c9411/bootstrapvz/plugins/vagrant/tasks.py#L70

I downloaded the image from https://atlas.hashicorp.com/debian/boxes/jessie64.

FYI, 
https://anonscm.debian.org/cgit/cloud/debian-vm-templates.git/tree/packer-virtualbox-vagrant/scripts/base.sh 
still seems to use the old syntax.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#787301; Package cloud.debian.org. (Mon, 01 Jun 2015 13:12:05 GMT) (full text, mbox, link).

Acknowledgement sent to Jan Niggemann <jn@hz6.de>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Mon, 01 Jun 2015 13:12:05 GMT) (full text, mbox, link).

Message #27 received at 787301@bugs.debian.org (full text, mbox, reply):

From: Jan Niggemann <jn@hz6.de>
To: Martey Dodoo <bugs.debian.org@marteydodoo.com>, 787301@bugs.debian.org
Cc: Anders Ingemann <anders@ingemann.de>, Emmanuel Kasper <emmanuel@libera.cc>
Subject: Re: Bug#787301: cloud.debian.org: Vagrant base box does not follow passwordless sudo recommendations
Date: Mon, 01 Jun 2015 15:03:33 +0200
Zitat von Martey Dodoo <bugs.debian.org@marteydodoo.com>:

> On Sun, May 31, 2015 at 04:41:25AM EDT, Anders Ingemann wrote:
>> Interesting. How/when was the image generated? The vagrant plugin for
>> bootstrap-vz uses (ALL):
>> https://github.com/andsens/bootstrap-vz/blob/c94e172ea19f9e44314272deb3137d74253c9411/bootstrapvz/plugins/vagrant/tasks.py#L70
>
> I downloaded the image from  
> https://atlas.hashicorp.com/debian/boxes/jessie64.
These boxes are created by Emmanuel Kasper using packer.
List consensus is to use bootstrap-vz instead, but that's a WIP.

> https://anonscm.debian.org/cgit/cloud/debian-vm-templates.git/tree/packer-virtualbox-vagrant/scripts/base.sh still seems to use the old  
> syntax.
I'm sure Manu will fix this in the next release.

Jan

Added tag(s) pending. Request was from Emmanuel Kasper <emmanuel@libera.cc> to control@bugs.debian.org. (Mon, 01 Jun 2015 21:15:07 GMT) (full text, mbox, link).

Reply sent to Emmanuel Kasper <emmanuel@libera.cc>:
You have taken responsibility. (Tue, 02 Jun 2015 21:24:16 GMT) (full text, mbox, link).

Notification sent to Martey Dodoo <bugs.debian.org@marteydodoo.com>:
Bug acknowledged by developer. (Tue, 02 Jun 2015 21:24:16 GMT) (full text, mbox, link).

Message #34 received at 787301-done@bugs.debian.org (full text, mbox, reply):

From: Emmanuel Kasper <emmanuel@libera.cc>
To: 787301-done@bugs.debian.org
Date: Tue, 02 Jun 2015 23:20:48 +0200
Thanks for the bug report.
bootstrap-vz had the right code, I also fixed the packer template in the
debian-vm-templates repository, and uploaded to Atlas cloud the new
vagrant base boxes 7.8.4 and 8.0.4 which have the fix included.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 01 Jul 2015 07:25:19 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 24 21:42:41 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.