Page MenuHomePhabricator

"sudo chown ..." asks for password which doesn't exist
Closed, ResolvedPublic

Description

Tools accounts have a sudo rule to claim ownership of their entire directory structure:

local-wikilint@tools-login:~$ sudo -l
Matching Defaults entries for local-wikilint on this host:
env_reset
User local-wikilint may run the following commands on this host:
(local-wikilint) NOPASSWD: ALL
(root) NOPASSWD: chown -R local-wikilint:local-wikilint /data/project/wikilint/
(local-wikilint) NOPASSWD: ALL
local-wikilint@tools-login:~$

However, despite "NOPASSWD", it still asks for one:

local-wikilint@tools-login:~$ sudo chown -R local-wikilint:local-wikilint /data/project/wikilint/
[sudo] password for local-wikilint: [^C]
local-wikilint@tools-login:~$ sudo -u root chown -R local-wikilint:local-wikilint /data/project/wikilint/
[sudo] password for local-wikilint: [^C]
local-wikilint@tools-login:~$

As tools accounts don't have passwords, that's kind of an impasse :-).


Version: unspecified
Severity: normal

Details

Reference
bz48105

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 1:40 AM
bzimport added a project: Toolforge.
bzimport set Reference to bz48105.

I think you should be able to do this using a take command, though this is weird indeed

This is a known issue. In the meantime, the command

take <filenames>

Provides a working substitute; it takes ownership (recursively) of files and directories given on the command line provided that you are in the owning group and own the containing directory.

Over time, take was deemed to be the canonical way of doing this.

Change 111755 had a related patch set uploaded by Tim Landscheidt:
Fix sudo chown rule for service groups

https://gerrit.wikimedia.org/r/111755

Change 111755 merged by jenkins-bot:
Fix sudo chown rule for service groups

https://gerrit.wikimedia.org/r/111755

Hmmm. Old service groups still have the problem, the bug is fixed for new ones - let's consider the glass half full :-).