Bug 1215850

Summary: sudo no longer works after latest snapshot
Product: [openSUSE] openSUSE Aeon Reporter: Dan Yeaw <dan>
Component: BaseAssignee: Richard Brown <rbrown>
Status: RESOLVED WORKSFORME QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: dan
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Dan Yeaw 2023-10-01 16:04:30 UTC 
Overview: after upgrading to snapshot 20230929, the sudo command is failing and saying that the password is incorrect.

Steps to Reproduce:
1. sudo transactional-update dup
[sudo] password for user: 
Sorry, try again.

Actual Results: sudo fails to log in
Expected Results: sudo logs in successfully

Other notes:
su works
Logging in using root works

This is the default sudo config, which allows for any user in the default 'users' group can run sudo if they know the root password. I haven't modified any of the sudo configurations.
Comment 1 hui 2023-10-01 18:14:38 UTC 
According your terminal output the user password is required and not the root one...
[sudo] password for user:
Comment 2 Dan Yeaw 2023-10-01 19:55:44 UTC 
Hi Hui, that is a good catch, my user password does login correctly. However, this is a change in functionality. If I roll back to a previous release, it asks for my root password.

Also if I `sudo visudo`, it is set up as:

```
Defaults targetpw   # ask for the password of the target user i.e. root
ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
```

In this configuration, it should ask for the root password.
Comment 3 Richard Brown 2023-10-05 19:06:46 UTC 
sudo is working just fine

visudo is ignoring drop-in configurations, but Aeon has one, which removes targetpw for users in the wheel group

and the user made by gnome-initial-setup is in the wheel group

this report seems to confirm we can go ahead and lock/disable root on fresh installs now, as requested in https://bugzilla.opensuse.org/show_bug.cgi?id=1213159

Thanks!