Bug#421066: marked as done (Please don't drop --with-exempt=sudo on upgrade without extra warning!)

[Debian Bug Tracking System]

Your message dated Mon, 31 Aug 2009 13:08:43 -0600 (MDT)
with message-id <20090831190843.8913d14a...@rover.gag.com>
and subject line water under the bridge
has caused the Debian Bug report #421066,
regarding Please don't drop --with-exempt=sudo on upgrade without extra warning!
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
421066: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: sudo
Version: 1.6.8p12-5
Severity: important

Hi,

I was relying entirely on sudo + sudo group to get access to the root account
on which the root password was disabled.
After upgrade to 1.6.8p12-5 nothing alerted me but the fact is that on 
next login I could not get root access anymore.
My box is in a datacenter with hardware raid so it was extremely difficult to 
recover from such a situation.

Probably you've good reasons to drop default support of sudo group but
*please* use debconf to prompt the user and tell him, it's only when I read
the newly installed /usr/share/doc/sudo/NEWS.Debian.gz that I understood 
what happened.

I graded this report as important because of the worries it can cause to admins
with similar setup.

Phil

PS: now I've taken measures to ensure safe root access when sudo is not 
working...

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-1-686 (SMP w/1 CPU core)
Locale: lang=fr...@euro, lc_ctype=fr...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages sudo depends on:
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libpam-modules              0.79-4       Pluggable Authentication Modules f
ii  libpam0g                    0.79-4       Pluggable Authentication Modules l

sudo recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Closing this since etch is now 'oldstable' and we survived the transition to
lenny which renders a check on upgrade pretty much irrelevant at this point.

Bdale

--- End Message ---