Bug #822

Sudo problem after Amahi installation on ubuntu 11.04 32-bit

Added by SolaR over 9 years ago. Updated about 9 years ago.

Target version:
Start date:
Due date:
% Done:



I installed Amahi on ubuntu server 11.04 32-bit (minimal virtual install <- very small footprint) and the install went ok.

After install i ran into a problem:

It looks like the sudoers file is messed up somehow. If I try to do sudo <something> it reports my username isn't in the sudoers file. Before the Amahi installation I had no trouble using sudo.

sudoers-afterinstall - sudoers after Amahi installation (574 Bytes) SolaR, 05/01/2011 05:38 AM

sudoers-beforeinstall - sudoers before Amahi installation (574 Bytes) SolaR, 05/01/2011 05:38 AM


#1 Updated by SolaR over 9 years ago

Added both sudoers files (before and after Amahi install).

Sudoers files are the same so I looked a little further. Turns out that the assigned groups my default user has (except the users group) are stripped after the Amahi install. After install I'm no longer member of the admin group (which you need to do "sudo").

I installed Amahi as root user (I didn't do sudo sh debian.install CODE). Might have something to do with "the first regular user" thingy. Kinda like the express cd has with the admin user.

#2 Updated by cpg over 9 years ago

NOTE (mostly for BK and effem): it would like it if we also keep - as part of the checklist for cross-testing - an app that execises the elevated privileges feature, i know VNC does. others do as well.

the elevated feature makes use of the sudo settings we use in Amahi.

#3 Updated by eFfeM over 9 years ago

  • Priority changed from High to Low

changed prio to low, for now we only support 10.04; will peek at it when I have some more time; thanks for reporting

@cpg: please assign the vnc app to me then

#4 Updated by eFfeM over 9 years ago

forgot to mention: issue does not appear in 10.04

#5 Updated by eFfeM about 9 years ago

cause is this line in app/models/user.rb:

c ="usermod -g users -G users \"#{self.login}\"")

This adds the user to group users and makes users the initial group; However a side effect of this is that all other group assignments are lost.
If it is desired to keep the membership of the current groups the -a option should be added to the command above.
Alternately we could disallow using the initial user (or a user who is member of the admin group), or somehow find the list of groups the user is a member of and add those to the -G.
My preference is adding -a

#6 Updated by cpg about 9 years ago

agreed. if -a works on fedora too, we should test it and we're done.

if not, then we need to add a hook for this somehow to make it dependent on the architecture.

#7 Updated by SolaR about 9 years ago

After an update from effeM the problem is now fixed.

#8 Updated by eFfeM about 9 years ago

  • Status changed from Assigned to Closed

fixed; tested by Solar as ok, so now closing

Also available in: Atom