severity 613533 important
thanks

Raising the severity of this, after it nearly locked me out of a remote system. In the process of merging the /etc from an old system into a new system, and copying around configuration files, I ended up with a sudoers file with mode 0644, rather than 0440. As a result, I could no longer sudo on that system, which meant I couldn't easily fix the permissions. Fortunately I had a root password set, and I had stored the root password in an encrypted file on my personal system, but if I hadn't I would have lost root access to the system entirely.

I can completely understand sudo refusing to accept sudoers files writable by non-root. However, sudo should not object to sudoers files *readable* by non-root. This seems like security by obscurity; knowing what commands users may run does not reduce the security of the system.

- Josh Triplett

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sudo depends on:
ii  libc6           2.11.2-13  Embedded GNU C Library: Shared lib
ii  libpam-modules  1.1.2-2    Pluggable Authentication Modules f
ii  libpam0g        1.1.2-2    Pluggable Authentication Modules l

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers [Errno 13] Permission denied: u'/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission denied: u'/etc/sudoers.d/README'

-- no debconf information
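
A pre-copy check for the situation described in the report above, as an added example that is not part of the original message and is not sudo's own code: it audits a staged /etc tree and separates files writable by non-owners from files that merely differ from 0440 (such as 0644). The function names are hypothetical; it assumes GNU stat and applies the same 0440 expectation to files under sudoers.d.

```sh
#!/bin/sh
# Added example (not sudo's code). Assumes GNU stat (-c).
# 0440 is the expected mode named in the report.

# check_sudoers_mode FILE [UID]
# Prints: ok | differs-not-writable | writable-by-non-owner | wrong-owner
# UID is the expected owner, 0 (root) by default.
check_sudoers_mode() {
    want_uid=${2:-0}
    info=$(stat -c '%a %u' -- "$1") || return 2
    mode=${info% *}
    uid=${info#* }
    m=$((0$mode))                      # stat prints octal digits; parse as octal
    if [ "$uid" -ne "$want_uid" ]; then
        echo wrong-owner
    elif [ $((m & 022)) -ne 0 ]; then  # group- or world-writable
        echo writable-by-non-owner
    elif [ "$m" -eq $((0440)) ]; then
        echo ok
    else                               # e.g. 0644, the case in the report
        echo differs-not-writable
    fi
}

# audit_sudoers_tree ETC_DIR [UID]
# Checks ETC_DIR/sudoers and every regular file in ETC_DIR/sudoers.d.
# Returns 1 if any file is not "ok", so it can gate a copy into the live /etc.
audit_sudoers_tree() {
    rc=0
    for f in "$1/sudoers" "$1"/sudoers.d/*; do
        [ -f "$f" ] || continue
        verdict=$(check_sudoers_mode "$f" "${2:-0}")
        printf '%s\t%s\n' "$verdict" "$f"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}

# Usage: sh this-script /path/to/staged/etc
if [ "$#" -gt 0 ]; then audit_sudoers_tree "$@"; fi
```

Running it against the merged tree before it replaces the live /etc, while a root shell is still open, catches the mode change before sudo stops working.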