Public bug reported:
after several (full) re-runs of cloud-init, my
/usr/local/etc/sudoers.d/90-cloud-init-users file looks like this:
# Created by cloud-init v. 22.3 on Wed, 05 Oct 2022 21:34:14 +0000
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
# User rules for freebsd
freebsd ALL=(ALL) NOPASSWD:ALL
while this has no effect on sudo's functionality, it's also not deduplicated:
freebsd@fbsd14-amd64 ~> sudo -l
User freebsd may run the following commands on fbsd14-amd64:
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
(ALL) NOPASSWD: ALL
given what we're trying to accomplish with writing sudoers rules, I think it
would make sense to *always* rewrite the file, regardless of whether it exists
or not.
** Affects: cloud-init
Importance: Undecided
Status: New
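
The following Python example is added here; it is not part of the report and not cloud-init's code. It contrasts a writer that appends on every run, which reproduces the growth shown above, with one that always rewrites the file from the desired state, as the reporter proposes. The function names, header text and file names are assumptions made for the illustration.

```python
import os
import tempfile

HEADER = "# Managed sudoers drop-in (constructed example header)\n"


def render(rules_by_user):
    """Build the whole file from the desired state, never from the old file."""
    out = [HEADER]
    for user in sorted(rules_by_user):
        out.append(f"\n# User rules for {user}\n")
        # dict.fromkeys drops repeated rules while keeping their order
        for rule in dict.fromkeys(rules_by_user[user]):
            out.append(f"{user} {rule}\n")
    return "".join(out)


def append_rules(path, rules_by_user):
    """Model of the reported symptom: every run appends another copy."""
    with open(path, "a") as fh:
        for user, rules in rules_by_user.items():
            fh.write(f"\n# User rules for {user}\n")
            fh.writelines(f"{user} {rule}\n" for rule in rules)


def rewrite_rules(path, rules_by_user):
    """Always rewrite: same input, same file. Returns True if the file changed."""
    content = render(rules_by_user)
    try:
        with open(path) as fh:
            if fh.read() == content:
                return False
    except FileNotFoundError:
        pass
    # Write beside the target and rename, so sudo never reads a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(content)
        os.chmod(tmp, 0o440)  # conventional mode for sudoers files
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


def count_rule_lines(path, user):
    with open(path) as fh:
        return sum(1 for line in fh if line.startswith(f"{user} "))
```

On a real host, the temporary file can be checked with `visudo -cf` before the rename.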
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1998539
Title:
writing of sudoers is not idempotent
Status in cloud-init:
New