You are not logged in.

#1 2023-04-20 17:21:07

rado84
Banned
From: Sofia, Bulgaria
Registered: 2019-05-12
Posts: 135

A friendly complaint about the sudo package

As angry as I am at the moment, I'll do my best to keep this post as friendly as possible.

Why on Earth does the sudo package come with sudoers file inside the archive? https://i.imgur.com/G0U36ne.png (too big for the img tag and too lazy to make a thumbnail)
It should come without the sudoers file, so that the update doesn't screw up people's systems.
I just found out (the hard way) that my user has been "thrown out" from the sudoers file when the terminal told me I had no rights to do that and that made me double check if by some fluke I had migrated to Crapindows 10, instead of Arch Linux.
I won't bother you with the details what made me check the sudoers file but it turned out my user wasn't there anymore bc the sudoers file has been replaced with the one from the screenshot above.
But being a stubborn S.O.B. who doesn't give up easily, I found an easy solution which would save me from that trouble in the future. But I ask myself "why do we have to resort to such extreme measures when it's a lot easier to simply ship the sudo package without a sudoers file?".
As for the solution, it was to make the sudoers file immutable or as I like to call it - make it immortal bc after that nothing can change it (nothing, except for full device format). First, login as root, edit sudoers to include my user, save, login back to my user and do this:

sudo chattr +i /etc/sudoers

and voilà, the deed is done and from that command on I won't be thrown out from sudoers anymore. But the question remains: Why do we have to resort to such extreme measures when it's a lot easier to simply ship the sudo package without a sudoers file? Or, at the very least, the user should be asked whether they want the sudoers file to be replaced and with a warning that doing so will deprive their user from sudo rights.

Last edited by rado84 (2023-04-20 17:21:49)


Core i7-4770, GTX 1660 Ti, 32 GB RAM, Arch 6.x LTS, Cinnamon 5.2.7, GDM

Offline

#2 2023-04-20 17:26:05

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 13,027
Website

Re: A friendly complaint about the sudo package

https://github.com/archlinux/svntogit-p … GBUILD#L17
https://wiki.archlinux.org/title/Pacman … ckup_files

If your sudoers file was replaced with the packaged version, then you explicitly allowed that.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#3 2023-04-20 17:36:11

rado84
Banned
From: Sofia, Bulgaria
Registered: 2019-05-12
Posts: 135

Re: A friendly complaint about the sudo package

No, I didn't explicitly allow it. Sudoers comes with the sudo package (look at the screenshot) and when sudo is being unpacked, all the files in it replace the existing ones.
But nvm, making the sudoers file immortal makes sure this won't happen anymore.


Core i7-4770, GTX 1660 Ti, 32 GB RAM, Arch 6.x LTS, Cinnamon 5.2.7, GDM

Offline

#4 2023-04-20 17:46:12

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,101

Re: A friendly complaint about the sudo package

You didn't read the second link WorMzy gave you, did you. It will NOT be overwritten if you've modified it.

Offline

#5 2023-04-20 17:46:28

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 24,812

Re: A friendly complaint about the sudo package

No it does not, you seemingly didn't read the second link you were posted.

Edit: Feck

Last edited by V1del (2023-04-20 17:47:28)

Offline

#6 2023-04-20 17:50:47

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,410
Website

Re: A friendly complaint about the sudo package

As an abrasive loudmouth ass myself, the tone of your post isn't so troubling to me, but the complete falsehood of nearly every point in it is (it's not righteous indignation when you're completely wrong ... wrongeous indignation?).  You are completely incorrect about how pacman works, and about the source of whatever undescribed problem you faced.  The sudoers file provided by the package will not overwrite your sudoers file if there have been any changes to it, but rather a .pacnew file would be created.

It's possible that you just foolheartedly moved the pacnew into place without taking a moment to think through what you were doing (or ran some automated tool that did this for you) - this would be in-character based on your approach to making this thread here.  But in that case, you have no one but yourself to blame.

Last edited by Trilby (2023-04-20 17:53:18)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#7 2023-04-20 18:01:51

rado84
Banned
From: Sofia, Bulgaria
Registered: 2019-05-12
Posts: 135

Re: A friendly complaint about the sudo package

I've already seen this link before and I know about .pacnew and .pacsave. But these files have so far appeared only for certain packages, never for sudoers.

https://i.imgur.com/YyJ6QXT.png

The updating process has always been automated and has never asked me anything. It always goes like this:
1. Issueing a command to initiate the update.
2. Downloading packages.
3. Updating packages.
4. Displaying a message that an existing config file has been found, so a new one has been created with an extension 'pacnew'.
5. Update done.
6. Issueing a command to delete everything in /var/cache/pacman/pkg.
and 7., if necessary, issueing a command to reboot.
The terminal has never actually asked me "Do you want this or that file to be replaced? Y/N". It only does everything automatically, creating pacnew files automatically but as you can see - there's no sudoers.pacnew.
And it would be illogical for me to explicitly allow sudoers to be replaced, since I know what that will lead to.

The only thing that asks me for things and awaits my response is the downgrade package and trizen when it waits for me to enter my user password. Pacman has NEVER ever asked me for anything, it only does what it knows without asking for my intervention.


moderator edit -- replaced oversized image with link.
Pasting pictures and code

Last edited by 2ManyDogs (2023-04-20 22:35:23)


Core i7-4770, GTX 1660 Ti, 32 GB RAM, Arch 6.x LTS, Cinnamon 5.2.7, GDM

Offline

#8 2023-04-20 18:02:45

3beb6e7c46a615a
Member
Registered: 2021-03-27
Posts: 165

Re: A friendly complaint about the sudo package

If you'd like to avoid this situation in future you can also leave "/etc/sudoers" untouched. The default sudoers file includes an "include" stanza for "/etc/sudoers.d", so you can also add extra
configuration snippets to this directory, e.g. "/etc/sudoers.d/add-my-user-account".  Pacman does not even know about files at this place, and will definitely not overwrite these, no matter what.

Edit: Removed the first part of my post, was way too late.

Last edited by 3beb6e7c46a615a (2023-04-20 18:04:00)

Offline

#9 2023-04-20 18:06:17

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,410
Website

Re: A friendly complaint about the sudo package

Post the output of `pacman -Qii sudo`

If you are using sudo from the arch linux repositories you would get a pacnew.  Are you perhaps still using anarchy or some other arch-based distro ... which you've been warned about (including "final warnings") countless times?

Last edited by Trilby (2023-04-20 18:12:18)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#10 2023-04-20 18:55:45

rado84
Banned
From: Sofia, Bulgaria
Registered: 2019-05-12
Posts: 135

Re: A friendly complaint about the sudo package

Trilby wrote:

Post the output of `pacman -Qii sudo`

If you are using sudo from the arch linux repositories you would get a pacnew.  Are you perhaps still using anarchy or some other arch-based distro ... which you've been warned about (including "final warnings") countless times?

Not anymore. Anarchy was abandoned in 2021 and you can't even install with it anymore, Arco is a BS whose installer freezes upon booting up from the ISO which forced me to learn the text-based installation. Manjaro is in my personal blacklist bc it broke the MBR of my disk several times. At some point I was thinking about moving to BlackArch but I decided to leave that for farther time in the future. These are all the Arch-based distros that I know of and none of them works properly, thus I had no choice but to learn the text-based installation of Arch. And the archinstall script was glitchy the last time I tried using it, so installing Arch the traditional way was the only course of action left. That's how I learned that I had to install the X server packages first or the desktop wouldn't start, LOL And finally, after the 7th attempt at text-based installation, I finally had a running Arch with a desktop.

Here's your request for the output of sudo dependencies. I ran it through google for translation bc the most of the text was in Bulgarian and I doubt you'd be able to understand even half of it.

[rado@arch]: ~>$ deps sudo
Name : sudo
Version : 1.9.13.p3-1
Description: Give certain users the ability to run some commands as root
Architecture: x86_64
URL : https://www.sudo.ws/sudo/
Licenses: custom
Groups : Nothing
Delivers : Nothing
Dependencies: glibc openssl pam libldap zlib libcrypto.so=3-64 libssl.so=3-64
Additional dependencies : None
Required by : None
Addendum for : downgrade libisoburn pacman-contrib refind
Conflicts with : Nothing
Replaces : Nothing
Installed size : 7.21 MiB
Packager : Evangelos Foutras <foutrelis@archlinux.org>
Creation date: 03/06/2023 (Mon) 19:55:35
Installation date : 19.03.2023 (Sun) 12:08:00
Install reason : Explicitly installed
Install script : Yes
Validated by : SHA-256 sum
Backup files:
UNMODIFIED /etc/pam.d/sudo
UNMODIFIED /etc/sudo.conf
UNMODIFIED /etc/sudo_logsrvd.conf
UNREADABLE /etc/sudoers

IDK why sudoers is unreadable. It's possible it's like that bc I made it immutable. But then again that might be related to the fact I'm running the -Qii without sudo, considering grub.cfg is also unreadable and it becomes readable only if I add sudo in front of the command.

And if you still don't believe me that I'm using a pure arch, I think this shows what you need to know bc you can't trick the terminal, it always knows what distro you're running:

https://i.imgur.com/JQ6upbH.png


moderator edit -- replaced oversized image with link.
Pasting pictures and code

Last edited by 2ManyDogs (2023-04-20 22:35:53)


Core i7-4770, GTX 1660 Ti, 32 GB RAM, Arch 6.x LTS, Cinnamon 5.2.7, GDM

Offline

#11 2023-04-20 19:09:59

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,410

Re: A friendly complaint about the sudo package

IDK why sudoers is unreadable.

stat /etc/sudoers

That's why.

trizen when it waits for me to enter my user password

"Pacman is you package mananger"

Ftr, you can enforce the protection of files w/ the NoUpgrade key in pacman.conf, https://man.archlinux.org/man/core/pacm … .conf.5.en
But as pointed out, etc/sudoers is in the packages backup list and won't be overwritten by pacman and default (though I cannot say for sure wrt trizen, but it's advertised as thin pacman wrapper and should™ not pull this kind of stunt)

Incidentally, what's the output of

pacman-conf

Offline

#12 2023-04-20 19:10:59

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,410
Website

Re: A friendly complaint about the sudo package

rado84 wrote:

IDK why sudoers is unreadable.

That's normal if you run `pacman -Qii` as a regular user.  If you run pacman -Qii as root, you will see it flagged instead as either MODIFIED or UNMODIFIED.  But in either case, it is listed in the backup files.  Pacman will not overwrite a modified file listed in this backup files list ... ever.

Thanks for confirming this is vanilla arch now.  My suspicion was not based just on your previous posts here, but the issues in both this and your other currently active thread could very easily be explained by differences in a derivative distro.


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

#13 2023-04-22 14:22:50

rado84
Banned
From: Sofia, Bulgaria
Registered: 2019-05-12
Posts: 135

Re: A friendly complaint about the sudo package

seth wrote:

"Pacman is you package mananger"

Incidentally, what's the output of

pacman-conf

There are things available only in AUR which I can't unstall via pacman. I only mentioned trizen as a case where the terminal asks for my input.

The NoUpgrade function doesn't work for everything. For instance, it doesn't work for mpv.desktop. The presence of that file clutters the "open with" context menu for video files and I have to delete it every time. But I found another way to get rid of it (I use mpv only as a backend, so I don't need its 'desktop' file).

As for what you asked:

[rado@arch]: ~>$ pacman-conf
[options]
RootDir = /
DBPath = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
HookDir = /etc/pacman.d/hooks/
GPGDir = /etc/pacman.d/gnupg/
LogFile = /var/log/pacman.log
HoldPkg = pacman
HoldPkg = glibc
IgnorePkg = pacman-mirrorlist
IgnorePkg = breeze-icons
IgnorePkg = qbittorrent-qt5
IgnorePkg = pinta
IgnorePkg = lib32-nvidia-utils
IgnorePkg = nvidia-settings
IgnorePkg = nvidia-utils
IgnorePkg = nvidia-dkms
NoUpgrade = KolourPaint.desktop
NoUpgrade = mplayer.desktop
NoUpgrade = smplayer_enqueue.desktop
NoUpgrade = mpv.desktop
NoUpgrade = vlc.desktop
NoUpgrade = xorg.conf
NoUpgrade = xviewer.desktop
NoUpgrade = mimeinfo.cache
NoUpgrade = steam_tray_mono.png
Architecture = x86_64
ParallelDownloads = 3
CleanMethod = KeepInstalled
SigLevel = PackageNever
SigLevel = DatabaseNever
[core]
Usage = All
Server = http://mirror.host.ag/archlinux/core/os/x86_64
[extra]
Usage = All
Server = http://mirror.host.ag/archlinux/extra/os/x86_64
[community]
Usage = All
Server = http://mirror.host.ag/archlinux/community/os/x86_64
[multilib]
Usage = All
Server = http://mirror.host.ag/archlinux/multilib/os/x86_64

Core i7-4770, GTX 1660 Ti, 32 GB RAM, Arch 6.x LTS, Cinnamon 5.2.7, GDM

Offline

#14 2023-04-22 14:43:55

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 69,410

Re: A friendly complaint about the sudo package

There are things available only in AUR which I can't unstall via pacman.

"uninstall" is trivially false, "install" is still false, https://wiki.archlinux.org/title/Aur

The presence of that file clutters the "open with" context menu for video files and I have to delete it every time.

That would ask for "NoExtract", not "NoUpgrade"

SigLevel = PackageNever

WHAT! THE! FUCK!

IgnorePkg = pacman-mirrorlist

You're supposed to get a /etc/pacman.d/mirrorlist.pacnew here as well.
If you just want to avoid that, fine. Otherwise this suggests there#s something structurally broken w/ your update process.

Otherwise nothing there suggests that your sudoers could be touched, so we'll have to blame/rule out trizen for now.

Offline

#15 2023-04-22 15:25:00

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 2,424
Website

Re: A friendly complaint about the sudo package

seth wrote:

SigLevel = PackageNever

Possibly a rage quit on outdated keyrings. Still a monumentally bad idea.
We still have not seen (as root):

pacman -Qii sudo

Last edited by schard (2023-04-22 15:25:13)


Inofficial first vice president of the Rust Evangelism Strike Force

Offline

Board footer

Powered by FluxBB