FS#45722 - [sudo] 1.8.14.pi-1, /var/db/sudo/lectured/ is not created.

Attached to Project: Arch Linux
Opened by Jonathan Roemer (pid1) - Monday, 20 July 2015, 16:27 GMT
Last edited by Evangelos Foutras (foutrelis) - Tuesday, 21 July 2015, 12:15 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Evangelos Foutras (foutrelis)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

After upgrading to sudo version 1.8.14.p1-1, a user entry in /var/db/sudo/lectured is not created, even when Defaults lecture=once is explicitly set in

Steps to reproduce:

1) A) Uninstall sudo and install sudo version 1.8.14.p1-1, or B) upgrade to 1.8.14.p1-1 and ensure /var/sudo/db/lectured is empty.
2) Add Defaults lecture=once with visudo as root
3) sudo -i as a user
4) Drop privileges
5) Open a new terminal window
6) sudo -i as that same user
Expected Behavior: The lecture should not appear.
Observed Behavior: The lecture reappears.

Workaround: Manually "touch <username>" as root in /var/sudo/db/lectured

Additional info:
/etc/sudoers
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff

##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output
Defaults lecture=once
##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
This task depends upon

Closed by  Evangelos Foutras (foutrelis)
Tuesday, 21 July 2015, 12:15 GMT
Reason for closing:  Fixed
Additional comments about closing:  sudo 1.8.14.p2-1
Comment by Jonathan Roemer (pid1) - Monday, 20 July 2015, 16:28 GMT
The title is inaccurate. I forgot to change it before submitting. It should read "/var/db/sudo/lectured/ user entries are not created"
Comment by Parker Reed (parkerlreed) - Monday, 20 July 2015, 17:59 GMT
Touching my username in /var/db/sudo/lectured fixes this for me.
Comment by Jonathan Roemer (pid1) - Monday, 20 July 2015, 18:01 GMT
As noted by Parker, the path in " Workaround: Manually "touch <username>" as root in /var/sudo/db/lectured" is incorrect. That should be /var/db/sudo/lectured/.
Comment by Jonathan Roemer (pid1) - Tuesday, 21 July 2015, 02:23 GMT

Loading...