Bug 439164

Summary: Sudo unusable after using yast to edit it
Product: [openSUSE] openSUSE 11.1 Reporter: Stephane Delcroix <sdelcroix>
Component: YaST2Assignee: Katarina Machalkova <kmachalkova>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P2 - High    
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: y2logs

Description Stephane Delcroix 2008-10-27 12:37:45 UTC 
the "Sudo" tool in yast2 writes the rules in an inappropriate order, making sudo unusable.

basically, after adding a rule using the tool, /etc/sudoers looks like this:

[...]
sde     ALL = (ALL) NOPASSWD: /usr/bin/zypper
ALL     ALL = (ALL) ALL
[...]

and sudo keeps asking for a pasword.

swapping the lines order to 
ALL     ALL = (ALL) ALL
sde     ALL = (ALL) NOPASSWD: /usr/bin/zypper

fixes it.

Note that opening the file with the yast-sudo tool reshuffle the file :(
Comment 1 Michal Seben 2008-10-27 13:13:38 UTC 
Please attach y2logs. If you are in doubt follow:

http://en.opensuse.org/Bugs/YaST

Thanks!
Comment 2 Stephane Delcroix 2008-10-27 13:29:17 UTC 
Created attachment 248099 [details]
y2logs

Here you are.

I still don't get why you keep asking for y2logs for every yast related bug. Were you unable to reproduce it on your machine ? or is it just yet another barrier to try to keep the open bugs number low ?

No offense, am just asking.
Comment 3 Stephane Delcroix 2008-11-03 11:06:17 UTC 
this is a really annoying issue. any update ?
Comment 4 Katarina Machalkova 2008-11-05 12:56:46 UTC 
> this is a really annoying issue. any update ?

Agreed. It has been reported already against openSUSE 11.0, but far too late for submitting fix to the final release.

The reason why it works this way is that map (associative container) is used to store information about sudo rules with user names as keys and it is always sorted alphabetically. This must be changed to list (or something non-associative), but the change is rather big and non-trivial and it has to be properly tested
Comment 5 Stephane Delcroix 2008-11-05 13:11:58 UTC 
(In reply to comment #4 from Katarina Machalkova)
>and it has to be properly tested

anything, even untested, is better than the current situation where 1)nothing works, 2)the tool corrupt working sudoers file

it looks like it's more an issue of writing the patch than testing it :)