Ubuntu on EC2

vmbuilder should write sudoers file with admin group

Bug #423497 reported by Ashish Jain on 2009-09-03

This bug affects 1 person

	Status	Importance	Assigned to
Ubuntu on EC2	Invalid	Medium	Unassigned
Karmic	Invalid	Medium	Unassigned
VMBuilder	Fix Released	Undecided	Scott Moser
vm-builder (Ubuntu)	Fix Released	Medium	Scott Moser

Bug Description

/etc/sudoers file in above mentioned AMI doesn't have group 'admin' included to have sudo access.

(This might be same in other types of AMI too, not sure).

Either it should be documented in EC2 notes, how to add sudo user.
Now for AMI image, it involves two steps
1. Add user to 'admin' group
2. Edit sudoers file to allow that group to be sudo enabled.

There is other alternative like
a. Add specific user to sudoers file

Thanks
Ashish Jain
http://www.jframeworks.com

Tags:

Related branches

lp:vmbuilder/trunk

lp:ubuntu/lucid/vm-builder

Jamie Strandboge (jdstrand) on 2009-09-03

security vulnerability:	yes → no
visibility:	private → public

Scott Moser (smoser) on 2009-09-04

Changed in ubuntu-on-ec2:
importance:	Undecided → Medium
status:	New → Confirmed

Scott Moser (smoser) on 2009-09-08

tags:

added: ec2-images uec-images

Scott Moser (smoser) on 2009-09-08

Changed in vm-builder (Ubuntu):
importance:	Undecided → Medium
status:	New → Confirmed
Changed in ubuntu-on-ec2:
status:	Confirmed → Invalid

Revision history for this message

Eric Hammond (esh) wrote on 2009-09-22:

Are we sure that group "admin" should have sudo rights by default in Karmic? It doesn't in Jaunty.

When this bug was submitted, the AMI in question had a comment in /etc/sudoers which claimed that "admin" should have sudo privs, but the actual line to implement this was missing.

The latest Alpha-6 Karmic AMI does not include the comment and looks like the file is reasonable to me. Perhaps somebody could compare it to a standard Karmic /etc/sudoers; the only difference should be that "ubuntu" has sudo on everything.

Revision history for this message

Scott Moser (smoser) wrote on 2009-09-22: Re: [Bug 423497] Re: Sudoers file is misconfigured in AMI ami-5059be39

On Tue, 22 Sep 2009, Eric Hammond wrote:

> Are we sure that group "admin" should have sudo rights by default in
> Karmic? It doesn't in Jaunty.

I just checked a vm desktop install of jaunty. That is identical to my
karmic laptop.

$ sudo grep admin /etc/sudoers
[sudo] password for ubuntu:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

By default on ubuntu, members of the admin group can sudo with their
password. On ec2 images, the ubuntu user can sudo *without* a password.

I believe the request here was to add the group 'admin' back to sudoers so
that methods to add root access to a user would work on ec2 the same as on
non-ec2.

At least, what I was intending on doing was insert an admin line before
'ubuntu's entry, so that members of the group admin could use sudo to
become root by providing their password. Ie, new /etc/sudoers would
have:

root ALL=(ALL) ALL
ubuntu ALL=(ALL) NOPASSWD:ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

Scott Moser (smoser) on 2009-09-22

Changed in vm-builder (Ubuntu):
assignee:	nobody → Scott Moser (smoser)
milestone:	none → ubuntu-9.10-beta
status:	Confirmed → In Progress

Revision history for this message

Eric Hammond (esh) wrote on 2009-09-22: Re: Sudoers file is misconfigured in AMI ami-5059be39

Upon further review, I stand corrected and the bug stands.

Scott Moser (smoser) on 2009-09-23

Changed in vmbuilder:
assignee:	nobody → Scott Moser (smoser)
status:	New → Fix Committed

Scott Moser (smoser) on 2009-09-25

Changed in vm-builder (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Scott Moser (smoser) wrote on 2009-10-02:

I'm un-milestoning this bug. The changes have been commited to vmbuilder trunk. vmbuilder trunk is what we're using to build the images for ec2/uec. The fix is also released in those images (included in beta images). What is left is the needed is to update vmbuilder.

summary:	- Sudoers file is misconfigured in AMI ami-5059be39 + vmbuilder should write sudoers file with admin group
Changed in vm-builder (Ubuntu):
milestone:	ubuntu-9.10-beta → none

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-10-22:

This bug was fixed in the package vm-builder - 0.11.2-0ubuntu1

---------------
vm-builder (0.11.2-0ubuntu1) karmic; urgency=low

* New upstream (bugfix-only) release. (LP: #410886, #439868, #426438, #429169, #423497)

-- Soren Hansen <email address hidden> Thu, 22 Oct 2009 15:07:36 +0200

Changed in vm-builder (Ubuntu):
status:	Fix Committed → Fix Released

Soren Hansen (soren) on 2009-10-22

Changed in vmbuilder:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.