[pacman-dev] [PATCH 10/11] makepkg: do not ask sudo password twice

Allan McRae allan at archlinux.org
Thu Jun 17 10:30:44 EDT 2010 

On 18/06/10 00:13, Dan McGee wrote:
> On Thu, Jun 17, 2010 at 8:49 AM, Andres P<aepd87 at gmail.com>  wrote:
>> On Thu, Jun 17, 2010 at 9:17 AM, Allan McRae<allan at archlinux.org>  wrote:
>>> On 17/06/10 23:35, Andres P wrote:
>>>>
>>>> On Thu, Jun 17, 2010 at 9:04 AM, Allan McRae<allan at archlinux.org>    wrote:
>>>>>
>>>>> Um...  no it does not...   sudo -l does not ask for a password even with
>>>>> timestamp_timeout=0.
>>>>>
>>>>> Allan
>>>>
>>>> Yes it does... man sudoers
>>>>
>>>> Defaults  timestamp_timeout=0, passwd_timeout=0
>>>>
>>>> sudo -l /bin/true&&    sudo /bin/true
>>>>
>>>> will ask you twice...  come on now :/
>>>>
>>>
>>> allan at mugen ~
>>>> sudo -l
>>> Matching Defaults entries for allan on this host:
>>>     timestamp_timeout=0, passwd_timeout=0
>>>
>>> User allan may run the following commands on this host:
>>>     (ALL) ALL
>>>
>>> allan at mugen ~
>>>> sudo -l /bin/true&&  sudo /bin/true
>>> /bin/true
>>> Password:
>>>
>>> allan at mugen ~
>>>>
>>>
>>> I count one password request...
>>>
>>
>> I advice that you create a new user with a fresh leash.
>>
>> I'm using sudo 1.7.2p7-1 and could go through the trouble of naggging
>> folks to post their sudo output just to get this fixed ;)
>>
>> My sudoers verbatim:
>> # Defaults specification
>> Defaults  rootpw, timestamp_timeout=0, passwd_timeout=0
>>
>> # User privilege specification
>> root    ALL=(ALL) ALL
>>
>> # Uncomment to allow people in group wheel to run all commands
>> %wheel  ALL=(ALL) ALL
>>
>> Nothing exotic... the only relevant setting is timestamp
>
> Dude, the ball is in your court to prove this, I can't get it to do
> anything resembling asking for my password twice. I added the two
> options to my sudoers file and look at hte following sequence. Note
> that the only time it asks for my password is on the actual execution
> of the command, not on the '-l' usage.
>
> dmcgee at galway ~/projects/pacman (master)
> $ sudo -l /bin/true
> /bin/true
>
> dmcgee at galway ~/projects/pacman (master)
> $ sudo /bin/true
> Password:
>
> dmcgee at galway ~/projects/pacman (master)
> $ sudo /bin/true
> Password:
>
> dmcgee at galway ~/projects/pacman (master)
> $ sudo -l /bin/true
> /bin/true
>

I think I have found the issue here.   We obviously have a NOPASSWD 
entry in our sudoers file so "sudo -l" does not require a password.

So the bug is confirmed.  However the fix is not fully functional as if 
I have sudo installed but can not use it for pacman, then I can no 
longer fall back to using "su -c".  I'd choose excess password typing 
over functionality loss.

Allan

More information about the pacman-dev mailing list