Bug 453105 - Satellite installer does not set up /etc/sudoers correctly
Satellite installer does not set up /etc/sudoers correctly
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Installer (Show other bugs)
520
All Linux
low Severity low
: ---
: ---
Assigned To: Milan Zazrivec
Jeff Browning
:
Depends On:
Blocks: 446877
  Show dependency treegraph
 
Reported: 2008-06-27 06:53 EDT by Milan Zazrivec
Modified: 2008-11-05 13:40 EST (History)
1 user (show)

See Also:
Fixed In Version: sat520
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-05 13:40:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
/var/log/tomcat5/catalina.out (631 bytes, text/plain)
2008-06-27 06:54 EDT, Milan Zazrivec
no flags Details

  None (edit)
Description Milan Zazrivec 2008-06-27 06:53:10 EDT
Description of problem:
In order to restart satellite via web ui (Satellite Tools -> Restart), tomcat
needs to have /etc/sudoers set up correctly. One of the big differences
between RHEL4 and RHEL5 default sudo setup is, that /etc/sudoers on RHEL5
comes with the directive "Defaults    requiretty" enabled globally by default.

This directive simply tells sudo to run successfully  only if the user in
question (tomcat in this case) has a real tty -- which obviously is not
the case. Satellite installer (install/stage2.pl) contains setup_sudoers()
routine, which is supposed to comment this directive out. There are two
problems with setup_sudoers():

1. setup_sudoers() does not comment the mentioned line out at all
2. there's no need to comment this line out globally, all the installer
has to do is to add following lines:
...
Defaults:tomcat !requiretty
Defaults:apache !requiretty
...
into /etc/sudoers for things to work correctly on RHEL5.

Version-Release number of selected component (if applicable):
Satellite 5.2.0 / RHEL5

How reproducible:
Always on a RHEL5 system

Steps to Reproduce:
1. Install Satellite 5.2.0 on a RHEL5 system
2. tail -f /var/log/tomcat5/catalina.out
3. In the web ui navigate to Satellite Tools -> Restart and restart satellite
  
Actual results:
See attachment.

Expected output:
Satellite should restart successfully.
Comment 1 Milan Zazrivec 2008-06-27 06:54:22 EDT
Created attachment 310421 [details]
/var/log/tomcat5/catalina.out
Comment 2 Milan Zazrivec 2008-06-27 07:26:23 EDT
s/^\s*Default\s+requiretty\s*$/#$&/; <-- this is the regular expression
from setup_sudoers(), which was supposed to comment 'Defaults requiretty' out.

It should have been: s/^\s*Defaults\s+requiretty\s*$/#$&/;
Comment 3 Milan Zazrivec 2008-07-09 05:40:55 EDT
Sending        install/stage2.pl
Sending        install/sudoers.rhn
Transmitting file data ..
Committed revision 174894.
Comment 4 Milan Zazrivec 2008-07-09 12:45:50 EDT
Modified fix:

Sending        install/stage2.pl
Transmitting file data .
Committed revision 174927.
Comment 5 Michael Mráka 2008-07-24 05:32:49 EDT
Ported to RELEASE-5.2, r175399.
Comment 6 Brad Buckingham 2008-08-13 12:54:48 EDT
Mass move to ON_QA.
Comment 7 Jeff Browning 2008-08-19 01:43:51 EDT
Verified. 

Sat restarted without error.
Comment 8 wes hayutin 2008-10-21 14:45:49 EDT
[root@rlx-2-20 ~]# cat /etc/sudoers | grep tomcat
tomcat  ALL=(root)      NOPASSWD: INSTALL_RHN   
tomcat  ALL=(root)      NOPASSWD: CONFIG_RHN    
# These two directives allow tomcat and apache to invoke CONFIG_RHN
Defaults:tomcat !requiretty
[root@rlx-2-20 ~]# cat /etc/sudoers | grep apache
apache  ALL=(root)      NOPASSWD: INSTALL_RHN   
apache  ALL=(root)      NOPASSWD: CONFIG_RHN    
# These two directives allow tomcat and apache to invoke CONFIG_RHN
Defaults:apache !requiretty

restart ok..
release pending
Comment 9 Brandon Perkins 2008-11-05 13:40:57 EST
5.2.0 Satellite is now GA, bugs Closed for Current Release.

Note You need to log in before you can comment on or make changes to this bug.