Public bug reported:

I have sudo 1.8.3p1-1ubuntu3.1 from precise-proposed and I use pam_mount
for mounting encrypted partitions at login. (LVM partitions, if that
matters.)

'sudoedit' command triggers pam_mount to enquire the password of the
encrypted partition, trying to mount it and later to umount it. Mounting
and umounting fails, because the encrypted partition is already mounted,
unlocked and busy. The edited file is not changed, rendering sudoedit
useless.

$ sudoedit test
reenter password for pam_mount:
pam_mount(mount.c:69): Messages from underlying mount program:
pam_mount(mount.c:73): crypt_activate_by_passphrase: File exists
pam_mount(pam_mount.c:521): mount of /dev/myvolumehere/mypartitionhere failed
pam_mount(mount.c:69): umount messages:
pam_mount(mount.c:73): umount: /mnt/mymountedpartition: device is busy.
pam_mount(mount.c:73): (In some cases useful info about processes that use
pam_mount(mount.c:73): the device is found by lsof(8) or fuser(1))
pam_mount(mount.c:73): umount /mnt/mymountedpartition failed with run_sync status 1
pam_mount(mount.c:73): umount: /mnt/mymountedpartition: device is busy.
pam_mount(mount.c:73): (In some cases useful info about processes that use
pam_mount(mount.c:73): the device is found by lsof(8) or fuser(1))
pam_mount(mount.c:73): umount /mnt/mymountedpartition failed with run_sync status 1
pam_mount(mount.c:752): unmount of /dev/myvolumehere/mypartitionhere failed

If I edit the file "test", the tmp file "/var/tmp/test.XXN2W9z4" gets
updated, but after exiting sudoedit, the actual file is not changed. The
tmp file is removed after exiting.

sudo (version 1.8.3p1-1ubuntu3.1) does not trigger this behavior, just 
sudoedit. If I clear the sudo timestamp:
$ sudo -k
$ sudoedit test
[sudo] password for myusername: 
pam_mount(mount.c:69): Messages from underlying mount program:
[...the same errors...]

If I downgrade to version sudo=1.8.3p1-1ubuntu3, the sudoedit fails
similarly, but appended with the known bug 927828:

shell:~$ sudoedit test
reenter password for pam_mount:
pam_mount(mount.c:69): Messages from underlying mount program:
pam_mount(mount.c:73): crypt_activate_by_passphrase: File exists
pam_mount(pam_mount.c:521): mount of /dev/myvolumehere/mypartitionhere failed
sudoedit: pam_mount.c:417: modify_pm_count: Assertion `user != ((void *)0)' failed.
Aborted
shell:~$ ls test
ls: cannot access test: No such file or directory

So sudoedit was unusable also with the old version.

The workaround is to edit files using "sudo vim (file)"

$ lsb_release -rd
Description:    Ubuntu 12.04 LTS
Release:        12.04

sudo:
  Installed: 1.8.3p1-1ubuntu3.1

/$ cat /etc/pam.d/sudo
#%PAM-1.0
@include common-auth
@include common-account
@include common-session-noninteractive

$ grep pam_mount /etc/pam.d/common-*
/etc/pam.d/common-auth:auth     optional        pam_mount.so 
/etc/pam.d/common-session:session       optional        pam_mount.so 
/etc/pam.d/common-session-noninteractive:session        optional        pam_mount.so 

Hence, pam_mount.so is in both common-auth and
common-session-noninteractive. However, sudo does not have this problem,
only sudoedit.

File /etc/security/pam_mount.conf.xml:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="0" />
<mntoptions 
allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
<volume user="myusername" fstype="crypt" 
path="/dev/myvolumehere/mypartitionhere" mountpoint="/mnt/mymountedpartition" />
</pam_mount>

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: pam-mount sudoedit

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/996806

Title:
  sudoedit triggers pam_mount to enquire the password of the encrypted
  partition, trying to mount it and later to umount it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/996806/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
