cfg-update does not restore correct permissions Reproducible: Always Steps to Reproduce: 1. emerge cfg-update 2. emerge sudo 3. change some lines in /etc/sudoers 4. emerge sudo 5. cfg-update -u 6. sudo su - Actual Results: sudo: /etc/sudoers is mode 0644, should be 0440 Expected Results: go to root
vase@selfip ~ $ emerge --info Portage 2.1.4.4 (default/linux/x86/2008.0/developer, gcc-4.2.3, glibc-2.7-r2, 2.6.24-gentoo-r5 i686) ================================================================= System uname: 2.6.24-gentoo-r5 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz Timestamp of tree: Mon, 30 Jun 2008 11:45:01 +0000 app-shells/bash: 3.2_p39 dev-java/java-config: 1.3.7, 2.1.6 dev-lang/python: 2.4.4-r13, 2.5.2-r4 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 9999 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.62 sys-devel/automake: 1.5, 1.10.1-r1 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.25-r3 ACCEPT_KEYWORDS="x86" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ANT_HOME="/usr/share/ant-core" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ARCH="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -pipe" CHOST="i686-pc-linux-gnu" CLASSPATH="." CLEAN_DELAY="5" CONFIG_PROTECT="/etc /opt/openfire/resources/security/ /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CVS_RSH="ssh" CXXFLAGS="-march=pentium4 -O2 -pipe" DISTDIR="/media/storage/distfiles" EDITOR="/bin/nano" ELIBC="glibc" EMERGE_DEFAULT_OPTS="--verbose" EMERGE_WARNING_DELAY="10" FEATURES="buildpkg cvs digest distlocks fixpackages metadata-transfer multilib-strict nodoc noinfo parallel-fetch sandbox sfperms sign strict unmerge-orphans userfetch userpriv usersandbox" FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp ${URI} -P ${DISTDIR}" GCC_SPECS="" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" HOME="/home/vase" INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.18/info:/usr/share/gcc-data/i686-pc-linux-gnu/4.2.3/info" INPUT_DEVICES="keyboard mouse evdev" I_KNOW_WHAT_I_AM_DOING="yes" JAVAC="/etc/java-config-2/current-system-vm/bin/javac" JAVA_HOME="/etc/java-config-2/current-system-vm" JDK_HOME="/etc/java-config-2/current-system-vm" KERNEL="linux" LANG="en_US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LC_ALL="en_US.UTF-8" LESS="-R -M --shift 5" LESSOPEN="|lesspipe.sh %s" LOGNAME="vase" LS_COLORS="rs=0:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:" MAIL="/var/mail/vase" MAKEOPTS="-j2" MANPATH="/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.18/man:/usr/share/gcc-data/i686-pc-linux-gnu/4.2.3/man:/etc/java-config/system-vm/man/" PAGER="/usr/bin/less" PATH="/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.2.3" PKGDIR="/media/storage/packages" PORTAGE_ARCHLIST="ppc s390 amd64 x86 ppc64 x86-fbsd m68k arm sparc sh mips ia64 alpha hppa sparc-fbsd" PORTAGE_BINHOST_CHUNKSIZE="3000" PORTAGE_BIN_PATH="/usr/lib/portage/bin" PORTAGE_CONFIGROOT="/" PORTAGE_DEBUG="0" PORTAGE_DEPCACHEDIR="/var/cache/edb/dep" PORTAGE_ELOG_CLASSES="warn error log" PORTAGE_ELOG_MAILFROM="root@selfip.ru" PORTAGE_ELOG_MAILSUBJECT="package ${PACKAGE} merged on ${HOST} with notice" PORTAGE_ELOG_MAILURI="root" PORTAGE_ELOG_SYSTEM="save_summary echo" PORTAGE_GID="250" PORTAGE_INST_GID="0" PORTAGE_INST_UID="0" PORTAGE_IUSE="^(alpha|alsa_cards_aoa|alsa_cards_aoa-fabric-layout|alsa_cards_aoa-onyx|alsa_cards_aoa-soundbus|alsa_cards_aoa-soundbus-i2s|alsa_cards_aoa-tas|alsa_cards_aoa-toonie|alsa_cards_armaaci|alsa_cards_at91-soc|alsa_cards_at91-soc-eti-b1-wm8731|alsa_cards_au1x00|alsa_cards_harmony|alsa_cards_powermac|alsa_cards_pxa2xx-i2sound|alsa_cards_pxa2xx-soc|alsa_cards_pxa2xx-soc-corgi|alsa_cards_pxa2xx-soc-poodle|alsa_cards_pxa2xx-soc-spitz|alsa_cards_pxa2xx-soc-tosa|alsa_cards_sa11xx-uda1341ts|alsa_cards_sun-amd7930|alsa_cards_sun-cs4231|alsa_cards_sun-dbri|altivec|amd64|aqua|arm|bmp|bmpx|bootstrap|build|coreaudio|crosscompile_opts_.*|elibc_.*|elibc_Darwin|elibc_DragonFly|elibc_FreeBSD|elibc_NetBSD|elibc_OpenBSD|elibc_glibc|elibc_uclibc|emul-linux-x86|hppa|ia64|ibm|infopipe|kernel_.*|kernel_Darwin|kernel_FreeBSD|kernel_linux|m68k|mips|mplayer-bin|multilib|n32|n64|pam_console|pbbuttonsd|ppc|ppc64|ppcsha1|s390|selinux|sh|sparc|sparc-fbsd|uclibc|ultra1|userland_.*|userland_BSD|userland_Darwin|userland_GNU|video_cards_impact|video_cards_newport|video_cards_sunbw2|video_cards_suncg14|video_cards_suncg3|video_cards_suncg6|video_cards_sunffb|video_cards_sunleo|video_cards_suntcx|vis|x86|x86-fbsd|xmms)$" PORTAGE_PYM_PATH="/usr/lib/portage/pym" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_RSYNC_RETRIES="3" PORTAGE_TMPDIR="/var/tmp" PORTAGE_USE="elibc_glibc kernel_linux userland_GNU x86" PORTAGE_WORKDIR_MODE="0700" PORTDIR="/media/storage/repositories/gentoo" PORTDIR_OVERLAY="/media/storage/repositories/selfip" PWD="/home/vase" PYTHONDOCS="/usr/share/doc/python-docs-2.4.4/html/lib" PYTHONPATH="/usr/lib/portage/pym" RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp ${URI} -P ${DISTDIR}" ROOT="/" ROOTPATH="/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.2.3" RPMDIR="/usr/portage/rpm" SHELL="/bin/bash" SHLVL="1" SSH_CLIENT="85.235.196.138 39894 22" SSH_CONNECTION="85.235.196.138 39894 77.222.33.78 22" SSH_TTY="/dev/pts/4" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" TERM="xterm" USE="acl acpi bash-completion berkdb bluetooth bzip2 cairo cdr cgi cli cracklib crypt ctype curl curlwrappers dbus dri dvd dvdr dvdread eds emboss encode esd evo exif fam fastcgi firefox force-cgi-redirect fortran ftp gd gdbm gif gnutls gpm gstreamer hal iconv idn imap ipv6 isdnlog jpeg json libedit libnotify mad mailwrapper midi mikmod mmx mp3 mpeg mudflap mysql mysqli ncurses nls nptl nptlonly ogg opengl openmp pcre pdf pdo png posix ppds pppd python qt3support quicktime readline reflection sdl session sharedext simplexml snmp soap sockets spell spl sqlite sqlite3 sse sse2 sse3 ssl startup-notification suhosin svg symlink threads tidy tiff truetype unicode vim-syntax vorbis wddx win32codecs x86 xattr xml xmlreader xmlrpc xmlwriter xorg xsl xv zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo" USER="vase" USERLAND="GNU" USE_EXPAND="ALSA_CARDS ALSA_PCM_PLUGINS APACHE2_MODULES APACHE2_MPMS CAMERAS CROSSCOMPILE_OPTS DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS INPUT_DEVICES KERNEL LCD_DEVICES LINGUAS LIRC_DEVICES MISDN_CARDS USERLAND VIDEO_CARDS" USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND" USE_ORDER="env:pkg:conf:defaults:pkginternal:env.d" VIDEO_CARDS="fbdev glint i810 mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo" _="/usr/bin/emerge"
Stephan, when using 3-way merge, cfg-update saves the merged file under a new name (/etc/sudoers.merge or so), and copies it to the original name (/etc/sudoers) including permissions, using cp -p, but the permissions of the newly created file aren't likely to be useful. Would you mind overwriting the data of the existing file only, and nothing else? And if you agree, do you know if cfg-update handles other cases where cp -p _is_ the right way to go?
> Would you mind overwriting the data of the existing > file only, and nothing else? And if you agree, do you know > if cfg-update handles other cases where cp -p _is_ the > right way to go? Hi, No I don't mind, I'll change the way cfg-update saves the .merge files into overwriting the original file with the contents of the .merge file followed by deleting the .merge file. That will fix this problem. I'll do an extra check on the "cp -p" occurances to see if changing this causes problems in other cases. This weekend I have some time to make some changes. I'll keep you updated. Regards, Stephan
Unfortunately I have not had time to fix this issue yet. Way too busy at work plus I've got a high maintenance girlfriend which effectively fills up any gap that's left in my agenda ;) But I already do know how I'm going to solve it. Cfg-update will store the file permissions in a variable at the beginning of a session. When done updating the file, cfg-update will check if the permissions have changed and if so, restore the proper file permissions. I'm having a week off at the end of the month (wk31). I have already put "fixing cfg-update" in my agenda as my primary vacation goal :) Regards, Stephan ************************************************************************** By the way, I am looking for someone capable to fully adopt cfg-update as I'm unable to support it the way it should be supported! **************************************************************************
WONTFIX per bug 303199
Taking over maintenance.
I'm not seeing this problem today - perhaps I'm not reproducing it correctly or something changed with sudo/portage or this was fixed at some point without this being closed. I'm going to close this for now, but if it is still an issue please do re-open and ideally provide a script that reproduces it.
