
yahoo-eng-team team mailing list archive

[Bug 1998539] [NEW] writing of sudoers is not idempotent

 

Public bug reported:

After several (full) re-runs of cloud-init, my
/usr/local/etc/sudoers.d/90-cloud-init-users file looks like this:

# Created by cloud-init v. 22.3 on Wed, 05 Oct 2022 21:34:14 +0000

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL

# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL


While this has no effect on sudo's functionality, it's also not deduplicated:

freebsd@fbsd14-amd64 ~> sudo -l
User freebsd may run the following commands on fbsd14-amd64:
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL
    (ALL) NOPASSWD: ALL


Given what we're trying to accomplish with writing sudoers rules, I think it would make sense to *always* rewrite the file, regardless of whether it exists or not.

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1998539
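
An added illustration of the "always rewrite" approach proposed in the report, not cloud-init's code or its eventual fix: the drop-in is rendered in full from the desired rules and swapped in atomically, so re-runs cannot accumulate entries. The function names, the header text and the sample rule mapping are assumptions made for this example.

```python
import os
import tempfile

# Constructed header; the real file's first line carries a version and timestamp.
HEADER = "# Created by cloud-init (example header)\n"


def render_sudoers(rules_by_user):
    """Build the whole file from the desired state, dropping repeated rules."""
    parts = [HEADER]
    for user in sorted(rules_by_user):
        lines = []
        for rule in rules_by_user[user]:
            line = f"{user} {rule.strip()}"
            if line not in lines:
                lines.append(line)
        parts.append(f"\n# User rules for {user}\n" + "\n".join(lines) + "\n")
    return "".join(parts)


def write_sudoers(path, rules_by_user):
    """Replace path with the rendered rules. Returns True if the file changed."""
    content = render_sudoers(rules_by_user)
    try:
        with open(path, encoding="utf-8") as fh:
            if fh.read() == content:
                return False  # already in the desired state: no write at all
    except FileNotFoundError:
        pass
    # Stage next to the target and rename over it, so sudo never reads a
    # half-written file. sudo skips sudoers.d names containing ".", which
    # keeps the staging file inert while it exists.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".tmp-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.chmod(tmp, 0o440)  # sudoers files should not be writable
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "90-cloud-init-users")
        rules = {"freebsd": ["ALL=(ALL) NOPASSWD:ALL"]}  # constructed sample
        print([write_sudoers(target, rules) for _ in range(3)])
        print(open(target).read())
```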
