#173 Fedora Cloud Base Vagrant Boxes Don't Allow Vagrant User To su To Other Users
Closed: Fixed 7 years ago Opened 8 years ago by skuznets.

Description of problem:
When attempting to switch to another user, sudo su <user> where <user> is not root in the Vagant Fedora Cloud Base boxes does not work. This is as the contents of /etc/sudoers.d/vagrant-nopasswd are incorrect.

Version-Release number of selected component (if applicable):
Fedora-Cloud-Base-Vagrant-24-1.2.x86_64.vagrant-libvirt.box

Steps to Reproduce:

$ vagrant box add https://download.fedoraproject.org/pub/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-Vagrant-24-1.2.x86_64.vagrant-libvirt.box --name fedora/cloud-base
$ vagrant init fedora/cloud-base
$ vagrant up --provider=libvirt
$ vagrant ssh --command 'sudo useradd testuser'
$ vagrant ssh --command 'sudo --user testuser pwd'

Actual results:
Password prompt to switch users or permission denied message.

Expected results:
Successful user switch.

Additional info:
Just need to make the following patch:

diff --git a/vagrant-nopasswd b/vagrant-nopasswd
index 6b59f02..f892bc1 100644
--- a/vagrant-nopasswd
+++ b/vagrant-nopasswd
@@ -1 +1 @@
-vagrant ALL=NOPASSWD: ALL
+vagrant ALL=(ALL) NOPASSWD: ALL

xref: https://bugzilla.redhat.com/show_bug.cgi?id=1384679


@dustymabe /me wonders about the status of this issue? If the issue is queued up for the fix I will write down test for the same https://github.com/kushaldas/tunirtests/issues/57

trishnag, currently still the same - it won't matter if we fix it now because we have not been releasing cloud base images so even if we fix it it would not get released for the cloud base image until f26. That is unless we decide to release a newer version of the cloud base image

is there a git repo holding build scripts of the vagrant boxes where I can file a PR to fix this?

That would be in the kickstart files for the Fedora Cloud Base and for Fedora Atomic Host. You can see the sudo config at the bottom of the file. The master branch of that git repo is used for rawhide and the f25 branch is used for Fedora 25.

thanks - we'll wait and confirm the images are built and working and then close this.

confirmed - the patch works. For the record I tested on the following image:

https://kojipkgs.fedoraproject.org/compose/twoweek/Fedora-Atomic-25-20170206.0/compose/CloudImages/x86_64/images/Fedora-Cloud-Base-Vagrant-25-20170206.0.x86_64.vagrant-libvirt.box

[vagrant@localhost ~]$ sudo useradd cb
[vagrant@localhost ~]$ sudo su - cb
[cb@localhost ~]$ pwd
/home/cb
[cb@localhost ~]$ ls
[cb@localhost ~]$ id
uid=1002(cb) gid=1002(cb) groups=1002(cb) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

@dustymabe changed the status to Closed

7 years ago

Log in to comment on this ticket.

Metadata