Bug 453105 - Satellite installer does not set up /etc/sudoers correctly
Summary: Satellite installer does not set up /etc/sudoers correctly
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Installer
Version: 520
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Milan Zázrivec
QA Contact: Jeff Browning
URL:
Whiteboard:
Depends On:
Blocks: 446877
TreeView+ depends on / blocked
 
Reported: 2008-06-27 10:53 UTC by Milan Zázrivec
Modified: 2008-11-05 18:40 UTC (History)
1 user (show)

Fixed In Version: sat520
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-11-05 18:40:57 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
/var/log/tomcat5/catalina.out (631 bytes, text/plain)
2008-06-27 10:54 UTC, Milan Zázrivec 		no flags Details
View All

Description Milan Zázrivec 2008-06-27 10:53:10 UTC 
Description of problem:
In order to restart satellite via web ui (Satellite Tools -> Restart), tomcat
needs to have /etc/sudoers set up correctly. One of the big differences
between RHEL4 and RHEL5 default sudo setup is, that /etc/sudoers on RHEL5
comes with the directive "Defaults    requiretty" enabled globally by default.

This directive simply tells sudo to run successfully  only if the user in
question (tomcat in this case) has a real tty -- which obviously is not
the case. Satellite installer (install/stage2.pl) contains setup_sudoers()
routine, which is supposed to comment this directive out. There are two
problems with setup_sudoers():

1. setup_sudoers() does not comment the mentioned line out at all
2. there's no need to comment this line out globally, all the installer
has to do is to add following lines:
...
Defaults:tomcat !requiretty
Defaults:apache !requiretty
...
into /etc/sudoers for things to work correctly on RHEL5.

Version-Release number of selected component (if applicable):
Satellite 5.2.0 / RHEL5

How reproducible:
Always on a RHEL5 system

Steps to Reproduce:
1. Install Satellite 5.2.0 on a RHEL5 system
2. tail -f /var/log/tomcat5/catalina.out
3. In the web ui navigate to Satellite Tools -> Restart and restart satellite
  
Actual results:
See attachment.

Expected output:
Satellite should restart successfully.
Comment 1 Milan Zázrivec 2008-06-27 10:54:22 UTC 
Created attachment 310421 [details]
/var/log/tomcat5/catalina.out
Comment 2 Milan Zázrivec 2008-06-27 11:26:23 UTC 
s/^\s*Default\s+requiretty\s*$/#$&/; <-- this is the regular expression
from setup_sudoers(), which was supposed to comment 'Defaults requiretty' out.

It should have been: s/^\s*Defaults\s+requiretty\s*$/#$&/;
Comment 3 Milan Zázrivec 2008-07-09 09:40:55 UTC 
Sending        install/stage2.pl
Sending        install/sudoers.rhn
Transmitting file data ..
Committed revision 174894.
Comment 4 Milan Zázrivec 2008-07-09 16:45:50 UTC 
Modified fix:

Sending        install/stage2.pl
Transmitting file data .
Committed revision 174927.
Comment 5 Michael Mráka 2008-07-24 09:32:49 UTC 
Ported to RELEASE-5.2, r175399.
Comment 6 Brad Buckingham 2008-08-13 16:54:48 UTC 
Mass move to ON_QA.
Comment 7 Jeff Browning 2008-08-19 05:43:51 UTC 
Verified. 

Sat restarted without error.
Comment 8 wes hayutin 2008-10-21 18:45:49 UTC 
[root@rlx-2-20 ~]# cat /etc/sudoers | grep tomcat
tomcat  ALL=(root)      NOPASSWD: INSTALL_RHN   
tomcat  ALL=(root)      NOPASSWD: CONFIG_RHN    
# These two directives allow tomcat and apache to invoke CONFIG_RHN
Defaults:tomcat !requiretty
[root@rlx-2-20 ~]# cat /etc/sudoers | grep apache
apache  ALL=(root)      NOPASSWD: INSTALL_RHN   
apache  ALL=(root)      NOPASSWD: CONFIG_RHN    
# These two directives allow tomcat and apache to invoke CONFIG_RHN
Defaults:apache !requiretty

restart ok..
release pending
Comment 9 Brandon Perkins 2008-11-05 18:40:57 UTC 
5.2.0 Satellite is now GA, bugs Closed for Current Release.
Note You need to log in before you can comment on or make changes to this bug.