← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #92309

[Bug 1998539] Re: writing of sudoers is not idempotent

  Thread PreviousDate PreviousThread Next 
Tracked in Github Issues as https://github.com/canonical/cloud-
init/issues/4048

** Bug watch added: github.com/canonical/cloud-init/issues #4048
   https://github.com/canonical/cloud-init/issues/4048

** Changed in: cloud-init
       Status: Triaged => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1998539

Title:
  writing of sudoers is not idempotent

Status in cloud-init:
  Expired

Bug description:
  after several (full) re-runs of cloud-init, my
  /usr/local/etc/sudoers.d/90-cloud-init-users file looks like this:

  # Created by cloud-init v. 22.3 on Wed, 05 Oct 2022 21:34:14 +0000

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  # User rules for freebsd
  freebsd ALL=(ALL) NOPASSWD:ALL

  
  while this has no affect on sudo's functionality, it's also not deduplicated:

  freebsd@fbsd14-amd64 ~> sudo -l
  User freebsd may run the following commands on fbsd14-amd64:
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL
      (ALL) NOPASSWD: ALL

  
  given what we're trying to accomplish with writing sudoers rules, I think it would make sense to *always* rewrite the file, regardless of whether it exists or not.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1998539/+subscriptions

References

  Thread PreviousDate PreviousThread Next