Bug 453105

Summary: Satellite installer does not set up /etc/sudoers correctly
Product: Red Hat Satellite 5 Reporter: Milan Zázrivec <mzazrivec>
Component: InstallerAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED CURRENTRELEASE QA Contact: Jeff Browning <jbrownin>
Severity: low Docs Contact:
Priority: low    
Version: 520CC: whayutin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sat520 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-11-05 18:40:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 446877    
Attachments:
Description Flags
/var/log/tomcat5/catalina.out none

Description Milan Zázrivec 2008-06-27 10:53:10 UTC 
Description of problem:
In order to restart satellite via web ui (Satellite Tools -> Restart), tomcat
needs to have /etc/sudoers set up correctly. One of the big differences
between RHEL4 and RHEL5 default sudo setup is, that /etc/sudoers on RHEL5
comes with the directive "Defaults    requiretty" enabled globally by default.

This directive simply tells sudo to run successfully  only if the user in
question (tomcat in this case) has a real tty -- which obviously is not
the case. Satellite installer (install/stage2.pl) contains setup_sudoers()
routine, which is supposed to comment this directive out. There are two
problems with setup_sudoers():

1. setup_sudoers() does not comment the mentioned line out at all
2. there's no need to comment this line out globally, all the installer
has to do is to add following lines:
...
Defaults:tomcat !requiretty
Defaults:apache !requiretty
...
into /etc/sudoers for things to work correctly on RHEL5.

Version-Release number of selected component (if applicable):
Satellite 5.2.0 / RHEL5

How reproducible:
Always on a RHEL5 system

Steps to Reproduce:
1. Install Satellite 5.2.0 on a RHEL5 system
2. tail -f /var/log/tomcat5/catalina.out
3. In the web ui navigate to Satellite Tools -> Restart and restart satellite
  
Actual results:
See attachment.

Expected output:
Satellite should restart successfully.
Comment 1 Milan Zázrivec 2008-06-27 10:54:22 UTC 
Created attachment 310421 [details]
/var/log/tomcat5/catalina.out
Comment 2 Milan Zázrivec 2008-06-27 11:26:23 UTC 
s/^\s*Default\s+requiretty\s*$/#$&/; <-- this is the regular expression
from setup_sudoers(), which was supposed to comment 'Defaults requiretty' out.

It should have been: s/^\s*Defaults\s+requiretty\s*$/#$&/;
Comment 3 Milan Zázrivec 2008-07-09 09:40:55 UTC 
Sending        install/stage2.pl
Sending        install/sudoers.rhn
Transmitting file data ..
Committed revision 174894.
Comment 4 Milan Zázrivec 2008-07-09 16:45:50 UTC 
Modified fix:

Sending        install/stage2.pl
Transmitting file data .
Committed revision 174927.
Comment 5 Michael Mráka 2008-07-24 09:32:49 UTC 
Ported to RELEASE-5.2, r175399.
Comment 6 Brad Buckingham 2008-08-13 16:54:48 UTC 
Mass move to ON_QA.
Comment 7 Jeff Browning 2008-08-19 05:43:51 UTC 
Verified. 

Sat restarted without error.
Comment 8 wes hayutin 2008-10-21 18:45:49 UTC 
[root@rlx-2-20 ~]# cat /etc/sudoers | grep tomcat
tomcat  ALL=(root)      NOPASSWD: INSTALL_RHN   
tomcat  ALL=(root)      NOPASSWD: CONFIG_RHN    
# These two directives allow tomcat and apache to invoke CONFIG_RHN
Defaults:tomcat !requiretty
[root@rlx-2-20 ~]# cat /etc/sudoers | grep apache
apache  ALL=(root)      NOPASSWD: INSTALL_RHN   
apache  ALL=(root)      NOPASSWD: CONFIG_RHN    
# These two directives allow tomcat and apache to invoke CONFIG_RHN
Defaults:apache !requiretty

restart ok..
release pending
Comment 9 Brandon Perkins 2008-11-05 18:40:57 UTC 
5.2.0 Satellite is now GA, bugs Closed for Current Release.