jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCLOUDS-973) Sudo configuration for Suse Enterprise which prevents execution of superuser commands
Date Fri, 16 Oct 2015 09:51:05 GMT

    [ https://issues.apache.org/jira/browse/JCLOUDS-973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14960436#comment-14960436
] 

ASF subversion and git services commented on JCLOUDS-973:
---------------------------------------------------------

Commit c6f2d8461159c8dbde622a616b808166f26067a5 in jclouds's branch refs/heads/1.9.x from
[~yanchev]
[ https://git-wip-us.apache.org/repos/asf?p=jclouds.git;h=c6f2d84 ]

JCLOUDS-973 Extending the sudo's configuration

- Adding env_reset to the default configuration in /etc/sudoers
- Adding secure_path to the default configuration in /etc/sudoers
- secure_path value is
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"


> Sudo configuration for Suse Enterprise which prevents execution of superuser commands
> -------------------------------------------------------------------------------------
>
>                 Key: JCLOUDS-973
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-973
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-compute, jclouds-scriptbuilder
>    Affects Versions: 1.9.0, 2.0.0
>         Environment: Suse Enterprise Linux 11 SP3 on AWS
>            Reporter: Yavor Yanchev
>             Fix For: 2.0.0
>
>
> Some older Suse versions have a configuration which prevents provisioning of VMs with
jclouds.
> One such version is Suse Enterprise Linux 11. Its default PATH configuration for ordinary
users is missing privileged paths such as */usr/sbin* and */sbin*.
> The problem is explained with more details at: https://features.opensuse.org/310406
> Current configuration for sudo created by jclouds 
> {code}
> # cat /etc/sudoers
> root ALL = (ALL) ALL
> %wheel ALL = (ALL) NOPASSWD:ALL
> {code}
> It needs superuser paths to be part of the default user PATH configuration. This is the
case for RedHat- and Debian-derivatives, but not for SLES 11
> If jclouds' configuration for sudo is extended with the following the parameters:
> {code}
> Defaults    env_reset
> Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> {code}
> So it creates /etc/sudoers like:
> {code}
> Defaults    env_reset
> Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> root ALL = (ALL) ALL
> %wheel ALL = (ALL) NOPASSWD:ALL
> {code}
> It will retain full backward compatibility and provide workaround for Suse deployments
where sudo is needed and/or used.
> Adding the parameters will not change the current behavior. It will just make it more
explicit, because
> 1. By default, the env_reset option is enabled
> 2. secure_path parameter is already used by most of the Linux distributions



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message