(Not sure if this is the right place to post it; I trust someone will move it if it isn't.)

After updating my system, including a new version of the sudo package, I got the usual message about some config files in /etc that needed to be updated. I do this with dispatch-conf ever since I had some nasty surprises with config files being overwritten by updates. Lucky, because the sudoers file had an update that would like to remove all sudo permissions from my system. I don't think I want that, tyvm :)

I'm surprised by this, really, because I've noticed in some other packages that updates tend to take the existing config and try to update it with a new version while still keeping the changes made by the sysadmin. I would think something as important as /etc/sudoers would use this technique, too...

Reproducible: Didn't try

Steps to Reproduce:
1. update an older version of app-admin/sudo to 1.7.0
2. run dispatch-conf

Actual Results: got a diff like this:

--- /etc/sudoers 2009-01-10 01:26:48.000000000 +0100 +++ /etc/._cfg0000_sudoers 2009-01-15 00:00:20.000000000 +0100 @@ -1,6 +1,8 @@ # sudoers file. # # This file MUST be edited with the 'visudo' command as root. +# Failure to use 'visudo' may result in syntax or file permission errors +# that prevent sudo from running. # # See the sudoers man page for the details on how to write a sudoers file. # 
@@ -13,50 +15,17 @@ # Defaults specification -# Reset environment by default -#Defaults env_reset - -# Uncomment to allow users in group wheel to export variables -#Defaults:%wheel env_keep=PATH #!env_reset - -# Allow users in group users to export specific variables -# Defaults:%users env_keep=TZ - -# Allow specific user to bypass env_delete for TERMCAP -# Defaults:user env_delete-=TERMCAP - -# Set default EDITOR to vi, and do not allow visudo to use EDITOR/VISUAL. -# Defaults !env_editor, editor=/usr/bin/vim, env_keep=PATH -Defaults env_keep=PATH - # Runas alias specification -# *** REMEMBER *************************************************** -# * GIVING SUDO ACCESS TO USERS ALLOWS THEM TO RUN THE SPECIFIED * -# * COMMANDS WITH ELEVATED PRIVILEGES. * -# * * -# * NEVER PERMIT UNTRUSTED USERS TO ACCESS SUDO. * -# **************************************************************** - # User privilege specification -root ALL=(ALL) ALL +root ALL=(ALL) ALL # Uncomment to allow people in group wheel to run all commands -#%wheel ALL=(ALL) ALL +# %wheel ALL=(ALL) ALL # Same thing without a password -%wheel ALL=(ALL) ALL: ALL -%backup ALL=(ALL) NOPASSWD: /sbin/mount /mnt/backup/vesa,/sbin/umount /mnt/backup/vesa,/sbin/mount /mnt/backup/igwe,/sbin/umount /mnt/backup/igwe, /bin/su backup -%mailman ALL=(ALL) NOPASSWD: /usr/sbin/postalias /var/lib/mailman/data/aliases, /usr/sbin/postmap -%games ALL=(jovdmeer) NOPASSWD: /usr/bin/eve -%users ALL=(ALL) NOPASSWD: /sbin/cp_hist - -# Users in group www are allowed to edit httpd.conf using sudoedit, or -# sudo -e, without a password. 
-# %www ALL=(ALL) NOPASSWD: sudoedit /etc/httpd.conf +# %wheel ALL=(ALL) NOPASSWD: ALL # Samples -# %users ALL=/bin/mount /cdrom,/bin/umount /cdrom +# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now -# -# vim:ts=4
>> (2 of 10) -- /etc/sudoers >> q quit, h help, n next, e edit-new, z zap-new, u use-new m merge, t toggle-merge, l look-merge:

Expected Results: I'd expect something like this:

--- /etc/sudoers 2009-01-10 01:26:48.000000000 +0100 +++ /etc/._cfg0000_sudoers 2009-01-15 00:00:20.000000000 +0100 @@ -1,6 +1,8 @@ # sudoers file. # # This file MUST be edited with the 'visudo' command as root. +# Failure to use 'visudo' may result in syntax or file permission errors +# that prevent sudo from running. # # See the sudoers man page for the details on how to write a sudoers file. # @@ -13,50 +15,17 @@ # Runas alias specification # User privilege specification -root ALL=(ALL) ALL +root ALL=(ALL) ALL # Uncomment to allow people in group wheel to run all commands -#%wheel ALL=(ALL) ALL +# %wheel ALL=(ALL) ALL +# %wheel ALL=(ALL) NOPASSWD: ALL # Samples -# %users ALL=/bin/mount /cdrom,/bin/umount /cdrom +# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
>> (2 of 10) -- /etc/sudoers >> q quit, h help, n next, e edit-new, z zap-new, u use-new m merge, t toggle-merge, l look-merge:
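
Review bot: In the "@@ -13,50 +15,17 @@" hunk of the Actual Results diff, every active local entry sits on the "-" side ("Defaults env_keep=PATH" and the %wheel, %backup, %mailman, %games and %users rules), and the only active rule on the "+" side is "root ALL=(ALL) ALL", so choosing use-new at this prompt would leave root as the only account with sudo access. The genuinely new material is the two comment lines from the first hunk plus the commented /sbin/mount samples, so zap-new, or a merge that keeps the "-" rules, loses nothing functional. The removed "%wheel ALL=(ALL) ALL: ALL" line also differs from the template's "NOPASSWD: ALL" form, so whatever is kept should be checked with visudo -c before it goes live.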
This is why we *have* tools like dispatch-conf and etc-update - So you can review changes before blindly copying it over like other distros. Assigning to maintainer for review but I'm fairly certain that this won't be fixed. Actually, I don't think this even can be "fixed" - there is nothing wrong.
Really there is nothing easily feasible to work around this. In truth, it's a good thing that the ebuild does not try to read the sudoers file, because it could cause sensitive information leaking if it did. If you don't want the changes, just use -2 to etc-update to drop it; there is no syntax change, it's just using a different template (the one provided by upstream) from the old one (one customised for Gentoo that was falling out of date).
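
A check for the situation in this thread, as an added example that is not part of the original report or of sudo, Portage or dispatch-conf: it lists the active entries in the current sudoers that a pending ._cfg0000_sudoers would drop, ignoring whitespace-only changes such as the "root" line above. The function names and the shortened sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: list active sudoers entries that a pending config update drops.
# File names and sample contents below are constructed for the demonstration.

# active_rules FILE: print active entries, whitespace-normalised and sorted.
# Joins backslash-continued lines; keeps "#include..." (a directive, not a comment).
active_rules() {
    awk '/\\$/ { sub(/\\$/, ""); buf = buf $0; next }
         { line = buf $0; buf = ""
           gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
           if (line ~ /^#include/ || (line != "" && line !~ /^#/)) print line }' "$1" |
        LC_ALL=C sort -u
}

# dropped_rules CURRENT PENDING: entries active in CURRENT but not in PENDING.
dropped_rules() {
    _tmp=$(mktemp) || return 1
    active_rules "$2" > "$_tmp"
    active_rules "$1" | LC_ALL=C comm -23 - "$_tmp"
    rm -f "$_tmp"
}

demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: a locally customised sudoers (shortened).
cat > "$demo_dir/sudoers" <<'EOF'
# User privilege specification
root    ALL=(ALL) ALL
Defaults env_keep=PATH
%backup ALL=(ALL) NOPASSWD: /bin/su backup
%users  ALL=(ALL) NOPASSWD: /sbin/cp_hist
EOF

# Constructed sample: the pending template, with everything but root commented out.
cat > "$demo_dir/._cfg0000_sudoers" <<'EOF'
# User privilege specification
root ALL=(ALL) ALL
# %wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
EOF

dropped=$(dropped_rules "$demo_dir/sudoers" "$demo_dir/._cfg0000_sudoers")
if [ -n "$dropped" ]; then
    echo "pending sudoers update drops these active entries:"
    printf '%s\n' "$dropped" | sed 's/^/  /'
fi
```

After merging, `visudo -c -f FILE` checks the syntax of the result before it replaces the live file.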