I just noticed that I completely overlooked your other comments to my
original mail. Sorry about that!

On 2015-01-29 09:31, Andreas Beckmann wrote:
> On 2015-01-28 23:56, Christian Kastner wrote:
>> This is the first problem. It is of course possible for this file to be
>> generally absent (it's a conffile, and the user might have forcefully
>> removed it), so this chown should be guarded by a test for existence.
> 
> Is sudo useful at all if /etc/sudoers is missing?

No, but if it's missing, then the user must have removed it, and policy
compels us to honor that decision.

>>   3. Later on, there is an attempt to remove the temporarily
>>      renamed /etc/sudoers.pre-conffile mentioned above:
>>
>>> # if we've gotten this far .. remove the saved, unchanged old sudoers file
>>> rm -f /etc/sudoers.pre-conffile
> 
> that is an *old* pristine sudoer that was not a conffile

Yes, this is tricky. It's not a conffile from the *old* sudo's POV. It
is very much a conffile from the *new* sudo's POV, and therefore the
user-preservation semantics apply (I'd say).

>> This I don't understand. Why remove it? This file can only exist because
>> of step 1. above, and if it exists, the purpose was to just temporarily
>> move it out of the way to avoid a conffile-change question. Why is it
>> being removed now? Shouldn't it just be moved back in step 2.?
> 
> dpkg should have installed a new sudoers (that is now a conffile)

Well, if the old sudoers md5sum matches what is in postinst, then either
(a) installing the new one or (b) temporarily-renaming-and-switching the
old one have the same effect, except that (a) has the unwanted "modified
conffile" dialogue.

And if the old sudoers md5sum does not match what is in postinst,
sudoers has user modifications. Albeit from a time before sudoers was a
conffile; but if I upgraded from squeeze to wheezy, I would absolutely
expect my sudoers to be preserved regardless of that.

> the .pre-conffile is a backup that should be restored in failed-upgrade
> or removed in postinst, so the intention is right, just the preinst
> should not have touched a conffile
> 
>> Please find attached a debdiff against the version in t-p-u that
>>
>>   A. Makes the chmod/chown conditional on the existence of /etc/sudoers
> 
> maybe it's better to explode here if sudoers does not exist - I assume
> sudo will be nonfunctional without it

See above (user must have deleted it, we must comply with that)

>>   B. When /etc/sudoers.pre-conffile exists, moves it back to
>>      /etc/sudoers. This is done unconditionally since the very
>>      existence of /etc/sudoers.pre-conffile implies that it is the
>>      pristine package version (recall the md5sum check above). So
>>      the user did not delete or change /etc/sudoers, and we want it
>>      back.
> 
> there was never the intention to restore this in a pre-conffile to
> conffile upgrade case ...

I think this can be reduced to the (a) or (b) case I listed above.

Regards,
Christian
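
The postinst behaviour proposed in points A and B of the mail above, as an added sketch that is not part of this message and not the sudo package's own maintainer script. The function name `fix_sudoers`, its root-prefix argument (so it can run in a scratch directory) and the 440 root:root target are assumptions.

```shell
#!/bin/sh
# Added illustration of proposals A and B; not code from the sudo package.

# $1 = root prefix (hypothetical; "" on a real system, a scratch dir in tests)
# Prints "restored", "present" or "absent" to say which path was taken.
fix_sudoers() {
    root=$1
    sudoers="$root/etc/sudoers"
    saved="$root/etc/sudoers.pre-conffile"
    state=present

    # B: the saved copy only exists when preinst found the pristine md5sum,
    # so it is moved back unconditionally instead of being deleted.
    if [ -e "$saved" ]; then
        mv -f "$saved" "$sudoers"
        state=restored
    fi

    # A: a conffile may have been removed by the admin; do not fail and do
    # not recreate it, just skip the ownership and mode fix.
    if [ -e "$sudoers" ]; then
        # A real postinst runs as root; the uid guard only exists so this
        # sketch can be exercised unprivileged in a scratch directory.
        if [ "$(id -u)" -eq 0 ]; then
            chown root:root "$sudoers"
        fi
        chmod 440 "$sudoers"
    else
        state=absent
    fi

    echo "$state"
}

# Constructed demo in a scratch directory; the real /etc is never touched.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
echo "constructed pristine sudoers" > "$demo/etc/sudoers.pre-conffile"
fix_sudoers "$demo"
fix_sudoers "$demo"
rm -f "$demo/etc/sudoers"
fix_sudoers "$demo"
rm -rf "$demo"
```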

