You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by "Yavor Yanchev (JIRA)" <ji...@apache.org> on 2015/07/27 19:29:05 UTC

[jira] [Created] (JCLOUDS-973) Sudo configuration for Suse Enterprise which prevents execution of superuser commands

Yavor Yanchev created JCLOUDS-973:
-------------------------------------

             Summary: Sudo configuration for Suse Enterprise which prevents execution of superuser commands
                 Key: JCLOUDS-973
                 URL: https://issues.apache.org/jira/browse/JCLOUDS-973
             Project: jclouds
          Issue Type: Bug
    Affects Versions: 1.9.0, 2.0.0
         Environment: Suse Enterprise Linux 11 SP3 on AWS
            Reporter: Yavor Yanchev


Some older Suse versions have a configuration which prevents provisioning of VMs with jclouds.
One such version is Suse Enterprise Linux 11. Its default PATH configuration for ordinary users is missing privileged paths such as */usr/sbin* and */sbin*.
The problem is explained with more details at: https://features.opensuse.org/310406

Current configuration for sudo created by jclouds 
# cat /etc/sudoers
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
{code}
It needs superuser paths to be part of the default user PATH configuration. This is the case for RedHat- and Debian-derivatives, but not for SLES 11

If jclouds' configuration for sudo is extended with the following the parameters:
{code}
Defaults    env_reset
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
{code}

So it creates /etc/sudoers like:
{code}
Defaults    env_reset
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL = (ALL) ALL
%wheel ALL = (ALL) NOPASSWD:ALL
{code}

It will retain full backward compatibility and provide workaround for Suse deployments where sudo is needed and/or used.

Adding the parameters will not change the current behavior. It will just make it more explicit, because
1. By default, the env_reset option is enabled
2. secure_path parameter is already used by most of the Linux distributions



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)