Re: -CURRENT Bug in portupgrade with sudo

From: Szilveszter Adam <sziszi_at_bsd.hu>
Date: Sat, 16 Jan 2010 12:42:48 +0100
Hello and G'day,

On Fri, Jan 15, 2010 at 05:21:16PM -0800, michael brindle wrote:
> So, apparently, when one attempts to use portupgrade from a normal user
> shell, by way of sudo, portupgrade will remove the user from the
> /usr/local/etc/sudoers file.

I cannot confirm this. I have been using portupgrade with sudo for
literally years now, and it has always worked. The only trick is when
you have to upgrade the sudo port itself, since the sudo command
disappears in the middle of the upgrade process. In that case you have
to first pkg_deinstall the sudo port and then "make install" in the sudo
port directory the old-fashioned way. But this is really the only quirk
I have come across.

> Also, the user is unable to use the su utility to become root to add
> themselves back into the /usr/local/etc/sudoers file.

Of course depending on what you mean by this. If the user has been in
the wheel group previously, they will certainly be able to use su. This
has nothing to do with sudo or portupgrade.

> Also, this may also be a bug in X, because I rarely run command-line only,
> next time I upgrade my ports, I will remember to drop into command-line only
> first.

Highly unlikely.

> for example:
> > sudo portupgrade -af

I have never tried it this way, and, thinking of it, it may not
necessarily do what you think it does. However, portupgrade has the
ability to run as normal user, and invoke sudo only when it is needed. I
suggest you look into the portupgrade man page and in particular,
investigate the "-s" switch.

Also, using -af with portupgrade is really a sledgehammer. It will not
help you much when you try to diagnose a possible problem. At a minimum,
try to gather more information about what happens during the upgrade
(possibly by also making log files) and narrow it down to the specific
point when you think the sudoers files is changed. Investigate the "-v"
switch for portupgrade as well as other debugging and logging options.
It would be best if you did not try to upgrade everything at once, but
rather, one-by-one. (This is a good practice anyway; the -af may do more
work than it would be needed and at the same time, you may miss
important information because all of it just scrolls up on your terminal
too fast. Also, by using -af, you will probably not be able to follow
/usr/ports/UPDATING either, although it is strongly recommended to do so
when upgrading the ports.)

-- 
Regards:

Szilveszter ADAM
Budapest
Hungary
Received on Sat Jan 16 2010 - 10:42:52 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:00 UTC