[25839] in Source-Commits
/svn/athena r25256 - trunk/debathena/config/reactivate/debian
daemon@ATHENA.MIT.EDU (Geoffrey Thomas)
Tue Jul 19 17:11:38 2011
Date: Tue, 19 Jul 2011 17:11:32 -0400
From: Geoffrey Thomas <geofft@MIT.EDU>
Message-Id: <201107192111.p6JLBWX2032589@drugstore.mit.edu>
To: source-commits@mit.edu
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: geofft
Date: 2011-07-19 17:11:31 -0400 (Tue, 19 Jul 2011)
New Revision: 25256
Modified:
trunk/debathena/config/reactivate/debian/changelog
trunk/debathena/config/reactivate/debian/snapshot-run
Log:
In reactivate:
* sudo now checks its supplementary group list, not NSS, for group
membership, and so it doesn't consider you in the admin group until
after you run initgroups(3). Since we use sudo itself to run
initgroups, we need to work around this somehow... the simplest fix
is to explicitly add $USER to /etc/sudoers inside the chroot.
At some point we may want to write our own setuid initgroups(3)
helper and avoid sudo entirely.
Modified: trunk/debathena/config/reactivate/debian/changelog
===================================================================
--- trunk/debathena/config/reactivate/debian/changelog 2011-07-19 20:41:31 UTC (rev 25255)
+++ trunk/debathena/config/reactivate/debian/changelog 2011-07-19 21:11:31 UTC (rev 25256)
@@ -1,3 +1,16 @@
+debathena-reactivate (2.0.23) unstable; urgency=low
+
+ * sudo now checks its supplementary group list, not NSS, for group
+ membership, and so it doesn't consider you in the admin group until
+ after you run initgroups(3). Since we use sudo itself to run
+ initgroups, we need to work around this somehow... the simplest fix
+ is to explicitly add $USER to /etc/sudoers inside the chroot.
+
+ At some point we may want to write our own setuid initgroups(3)
+ helper and avoid sudo entirely.
+
+ -- Geoffrey Thomas <geofft@mit.edu> Tue, 19 Jul 2011 17:07:54 -0400
+
debathena-reactivate (2.0.22) unstable; urgency=low
* Workaround for schroot/libpam-afs-session stupidity (Trac: #928)
Modified: trunk/debathena/config/reactivate/debian/snapshot-run
===================================================================
--- trunk/debathena/config/reactivate/debian/snapshot-run 2011-07-19 20:41:31 UTC (rev 25255)
+++ trunk/debathena/config/reactivate/debian/snapshot-run 2011-07-19 21:11:31 UTC (rev 25256)
@@ -55,6 +55,8 @@
set +e
+echo "$USER ALL=(ALL) ALL" | schr sh -c "cat >> /etc/sudoers"
+
cd
schroot -c "$session" -r -p -- sudo -E -u "$USER" -- "$@"
cd /
