Don't create /etc/sudoers.d/google_sudoers unless OS Login is enabled #118

Open
zachberger opened this issue Jul 21, 2021 · 1 comment

@zachberger
Member

zachberger commented Jul 21, 2021

In oslogin.go#L79 we correctly guard the call to accountsMgr.set() on OS Login being enabled; however, on main.go#L118 we don't do this check first, resulting in /etc/sudoers.d/google_sudoers being created even when the user does not use OS Login.

This creates challenges for customers who use Puppet to manage the /etc/sudoers.d directory. Puppet deletes this file and then the agent recreates it, causing churn.

patelne pushed a commit to patelne/guest-agent that referenced this issue Feb 17, 2022
@jamgregory

We've been experiencing the same issue. In our case, we just changed our Puppet configuration to 'manage' that file instead:

sudo::configs:
  'google-sudoers':
    'content':  '%google-sudoers ALL=(ALL) NOPASSWD:ALL'
    'sudo_file_name': 'google_sudoers'

Obviously it would be preferable if the agent didn't create it (as we're also not using OS Login), but this seems to work around it for now.
