Bug 1319936 - sudo is broken after installing devtoolset
Summary: sudo is broken after installing devtoolset
Status: NEW
Alias: None
Product: Red Hat Developer Toolset
Classification: Red Hat
Component: devtoolset-meta (Show other bugs)
(Show other bugs)
Version: DTS 3.1 RHEL 6
Hardware: Unspecified Unspecified
unspecified
high
Target Milestone: alpha
: 5.0
Assignee: Marek Polacek
QA Contact: Martin Cermak
URL:
Whiteboard:
Keywords:
: 1635961 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-21 21:14 UTC by Martin Langhoff
Modified: 2018-10-09 15:52 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Martin Langhoff 2016-03-21 21:14:37 UTC
Description of problem:

the sudo "wrapper" written for #849452 is very limited, is not failsafe, and most importantly is called "sudo" and is first in search path, so takes over sudo invocations.

This is a bad idea in so many ways. 

Version-Release number of selected component (if applicable):

devtoolset-3-runtime-3.1-12.el6.x86_64


How reproducible:

100%

Steps to Reproduce:
1. install devtoolset3
2. try to run "sudo -s" or "sudo -i"

Actual results:

$ sudo -s
/var/tmp/scl76ZTHd: line 8: -s: command not found


Expected results:

A root shell session

Comment 1 Martin Langhoff 2016-03-21 21:16:10 UTC
Others have hit this 

http://unix.stackexchange.com/questions/192809/sudo-i-returns-an-error

$ rpm -qf /opt/rh/devtoolset-3/root/usr/bin/sudo
devtoolset-3-runtime-3.1-12.el6.x86_64
$ which sudo
/opt/rh/devtoolset-3/root/usr/bin/sudo

Comment 2 Ľuboš Kardoš 2016-04-06 14:03:00 UTC
The sudo wrapper is from devtoolset package not from scl-utils package, I will reassigning the bug, I hope devtoolset-meta is right component but feel free to reassign.

Comment 3 Marek Polacek 2016-04-08 12:06:40 UTC
Certainly not solvable for DTS4.1.

Comment 4 Marek Polacek 2016-04-08 12:07:50 UTC
Note this is basically a dup of https://bugzilla.redhat.com/show_bug.cgi?id=1054894

Comment 5 Martin Langhoff 2016-04-08 12:51:56 UTC
Well that's not readable even for this long-time fedora contributor, but I can imagine reasons you'd have a related embargoed bz.

MITM'ing sudo is a rather bad idea. I understand the desire to have sudo load SCL envvars -- I wrestle with that myself, often needing to write wrapper scripts -- it is not important enough to mess with sudo itself; perhaps that could be achieved with a dedicated command.

Comment 6 Marek Polacek 2016-04-08 14:25:05 UTC
(In reply to Martin Langhoff from comment #5)
> Well that's not readable even for this long-time fedora contributor, but I
> can imagine reasons you'd have a related embargoed bz.
> 
> MITM'ing sudo is a rather bad idea. I understand the desire to have sudo
> load SCL envvars -- I wrestle with that myself, often needing to write
> wrapper scripts -- it is not important enough to mess with sudo itself;
> perhaps that could be achieved with a dedicated command.

You're right about the SCL envvars.  One possibility would be to teach the sudo wrapper how to parse the sudo arguments I think -- but that seems very fragile and I'm not sure how well would that work in practice.  I'm very sorry that all I can offer at this point is to recommend to use /bin/sudo if you need to use sudo options :/.

Comment 7 Florian Weimer 2016-04-12 12:03:09 UTC
sudo_plugin(8) in the sudo-devel package might be a consideration.  It looks like the API (specifically check_policy) is sufficient for implementing preservation of SCL context in a sudo plugin.

Comment 8 Gary Gatling 2018-04-23 17:22:50 UTC
I am seeing this in devtoolset-7's sudo/ sudo -i doesn't work.

Comment 9 Marek Polacek 2018-04-23 17:26:45 UTC
Please use /bin/sudo meanwhile.

Comment 10 Michael Alberghini 2018-07-31 15:38:18 UTC
I am seeing this while using devtoolset-6 on RH 7.5.  It breaks ansible.

Comment 11 Marek Polacek 2018-10-09 15:52:14 UTC
*** Bug 1635961 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.