Sudo on ubuntu-22.04 does not allow running binaries from build dir with "sudo -u" #6106

Closed
2 of 10 tasks
daztucker opened this issue Aug 18, 2022 · 4 comments
Labels
bug report investigate Collect additional information, like space on disk, other tool incompatibilities etc. OS: Ubuntu question Further information is requested

Comments

@daztucker

Description

sudo on ubuntu-22.04 prompts for a password for "sudo -u nobody" for a binary in the build directory. Previous iterations of the Ubuntu images, as well as Mac OS, work fine. Running a system binary such as /usr/bin/id works fine.

Sample repo and test run demonstrating issue: https://github.com/daztucker/runner-test/runs/7891375280?check_suite_focus=true

Platforms affected

  • Azure DevOps
  • GitHub Actions

Virtual environments affected

  • Ubuntu 18.04
  • Ubuntu 20.04
  • Ubuntu 22.04
  • macOS 10.15
  • macOS 11
  • macOS 12
  • Windows Server 2019
  • Windows Server 2022

Image version and build link

Environment: ubuntu-22.04
Version: 20220815.3
Demo test run: https://github.com/daztucker/runner-test/runs/7891297501?check_suite_focus=true

Is it regression?

Environment: ubuntu-20.04, Version: 20220814.1 works ok.

Expected behavior

sudo should run the specified binary in the build dir as the specified user w/out prompting for a password

Actual behavior

sudo prompts for a password. Because there's no user to provide one, the command fails.

Repro steps

Run "sudo -u nobody" on a binary in the build directory. See https://github.com/daztucker/runner-test/blob/main/.github/workflows/c-cpp.yml for example.

@al-cheb
Contributor

al-cheb commented Aug 18, 2022

Hello @daztucker.
I can't reproduce the issue using the command `sudo -u nobody id`.

@al-cheb al-cheb added question Further information is requested OS: Ubuntu investigate Collect additional information, like space on disk, other tool incompatibilities etc. and removed needs triage labels Aug 18, 2022
@daztucker
Author

daztucker commented Aug 18, 2022 via email

@mikhailkoliada mikhailkoliada self-assigned this Aug 18, 2022
@al-cheb
Contributor

al-cheb commented Aug 18, 2022

@daztucker, it's a new security feature in Ubuntu 22.04 (Private home directories) - https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-22-04-lts

- run: |
    # Let other users (here: nobody) traverse and read the home directory
    sudo chmod o+rx ~
    cp "$(which id)" ~/id
    sudo -u nobody ~/id


@daztucker
Author

Thanks, with that information I was able to add your workaround.
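
Added example, not part of the thread or of the runner-images project: a POSIX shell check that walks the path to a binary and reports the first directory a user such as nobody cannot traverse, which is what the private home directory default discussed above changes. The function name `first_blocked_dir` is hypothetical. It assumes GNU `stat` and `realpath`, that the target user is neither owner nor group member of any directory on the path, and that no ACLs are in play.

```sh
#!/bin/sh
# Added example: locate the directory that stops "other" users (e.g. nobody)
# from reaching a file. Only the "other" permission bits are inspected.

# first_blocked_dir FILE
#   Prints the first ancestor directory of FILE without o+x (search) permission.
#   Returns 0 if every ancestor is traversable, 1 if one is blocked,
#   2 if the path cannot be resolved or inspected.
first_blocked_dir() {
    target=$(realpath -- "$1") || return 2
    rest=${target%/*}              # directory part of the resolved path
    dir=""
    while [ -n "$rest" ]; do
        rest=${rest#/}
        comp=${rest%%/*}           # next path component
        dir="$dir/$comp"
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        mode=$(stat -c %a -- "$dir") || return 2
        # The last octal digit holds the "other" bits; an odd digit means x is set.
        case "$mode" in
            *[1357]) ;;
            *) printf '%s\n' "$dir"; return 1 ;;
        esac
    done
    return 0
}

# Stand-alone use: sh check.sh /home/runner/work/repo/repo/mybinary
if [ "$#" -gt 0 ]; then
    first_blocked_dir "$1"
fi
```

A result of `/home/runner` (mode 750 by default on Ubuntu 22.04) points at the home directory as the blocker; the workaround in the thread clears it by adding `o+rx` there.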
