[Bug 2120708] Re: Incompatible/Missing requiretty setting
Christian Ehrhardt
2120708 at bugs.launchpad.net
Mon Aug 18 09:13:12 UTC 2025
Adding Thomas who might have memory on that from the former [1]-[4]
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2120708
Title:
Incompatible/Missing requiretty setting
Status in cinder package in Ubuntu:
New
Status in rust-sudo-rs package in Ubuntu:
New
Bug description:
The requiretty [1] option is set in openstack setups as tested in autopkgtest.
They recently all perma-fail with issues like
134s Setting up cinder-scheduler (2:26.1.0+git2025070714.27373d61f-0ubuntu2) ...
...
138s /etc/sudoers.d/cinder_sudoers:1:18: 'requiretty' cannot be used in a boolean context
138s Defaults:cinder !requiretty
138s ^~~~~~~~~~
153s autopkgtest [06:19:25]: ERROR: "sh -ec dpkg-query --show -f '${Package}\t${Version}\n' > /tmp/autopkgtest.anZxE7/cinder-daemons-packages.all" failed with stderr "/etc/sudoers.d/cinder_sudoers:1:18: 'requiretty' cannot be used in a boolean context
153s Defaults:cinder !requiretty
153s ^~~~~~~~~~
This is true across all architectures and affects cinder [2] and
glance [3].
Here the example config of that file:
```
$ cat /etc/sudoers.d/cinder_sudoers
Defaults:cinder !requiretty
cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
```
Even simpler repro without the package install:
$ echo 'Defaults:testuser !requiretty' > /etc/sudoers.d/test
# good case
$ sudo ls
# bad case
$ sudo-rs ls
/etc/sudoers.d/test:1:20: 'requiretty' cannot be used in a boolean context
Defaults:testuser !requiretty
^~~~~~~~~~
per man sudors ! is a normal logical negation
And requiretty is listed under "Boolean Flags:".
The same hits other booleran settings, for example
root at p:~# sudo-rs ls
/etc/sudoers.d/test:1:20: 'exec_background' cannot be used in a boolean context
Defaults:testuser !exec_background
^~~~~~~~~~~~~~~
I found that without the negation one can check if sudo-rs has the
feature at all.
$ cat /etc/sudoers.d/test
Defaults:testuser requiretty
$ sudo-rs ls
/etc/sudoers.d/test:1:19: unknown setting: 'requiretty'
Defaults:testuser requiretty
^~~~~~~~~~
AFAICS there is nothing open about it [4], so it might take a while.
How do we want to deal with that?
BTW a very crude but quick check based on the man page of sudoers gave me this list confirming that many others would be victim to the same.
$ for flag in $(grep '^\s\s\s\s\s\s\s[a-z]' /tmp/foo | awk '{print $1}'); do echo "Defaults:testuser $flag" > /etc/sudoers.d/test; sudo-rs /usr/bin/ls 2>/tmp/bar >/dev/null; if grep -q "unknown setting" /tmp/bar; then echo "Unknown setting $flag"; else echo "Known setting $flag"; fi; done | sort
Known setting always_query_group_plugin
Known setting always_set_home
Known setting env_check
Known setting env_delete
Known setting env_editor
Known setting env_keep
Known setting env_reset
Known setting fqdn
Known setting lecture
Known setting mail_badpass
Known setting mailerpath
Known setting match_group_by_gid
Known setting passwd_tries
Known setting pwfeedback
Known setting rootpw
Known setting secure_path
Known setting timestamp_timeout
Known setting use_pty
Known setting verifypw
Known setting visiblepw
Unknown setting admin_flag
Unknown setting apparmor_profile
Unknown setting authenticate
Unknown setting authfail_message
Unknown setting badpass_message
Unknown setting case_insensitive_group
Unknown setting case_insensitive_user
Unknown setting closefrom
Unknown setting closefrom_override
Unknown setting cmddenial_message
Unknown setting command_timeout
Unknown setting compress_io
Unknown setting editor
Unknown setting env_file
Unknown setting exec_background
Unknown setting exempt_group
Unknown setting fast_glob
Unknown setting fdexec
Unknown setting group_plugin
Unknown setting ignore_audit_errors
Unknown setting ignore_dot
Unknown setting ignore_iolog_errors
Unknown setting ignore_local_sudoers
Unknown setting ignore_logfile_errors
Unknown setting ignore_unknown_defaults
Unknown setting insults
Unknown setting intercept
Unknown setting intercept_allow_setid
Unknown setting intercept_authenticate
Unknown setting intercept_type
Unknown setting intercept_verify
Unknown setting iolog_dir
Unknown setting iolog_file
Unknown setting iolog_flush
Unknown setting iolog_group
Unknown setting iolog_mode
Unknown setting iolog_user
Unknown setting lecture_file
Unknown setting lecture_status_dir
Unknown setting listpw
Unknown setting log_allowed
Unknown setting log_denied
Unknown setting log_exit_status
Unknown setting log_format
Unknown setting log_host
Unknown setting log_input
Unknown setting log_output
Unknown setting log_passwords
Unknown setting log_server_cabundle
Unknown setting log_server_keepalive
Unknown setting log_server_peer_cert
Unknown setting log_server_peer_key
Unknown setting log_server_timeout
Unknown setting log_server_verify
Unknown setting log_servers
Unknown setting log_stderr
Unknown setting log_stdin
Unknown setting log_stdout
Unknown setting log_subcmds
Unknown setting log_ttyin
Unknown setting log_ttyout
Unknown setting log_year
Unknown setting logfile
Unknown setting loglinelen
Unknown setting long_otp_prompt
Unknown setting mail_all_cmnds
Unknown setting mail_always
Unknown setting mail_no_host
Unknown setting mail_no_perms
Unknown setting mail_no_user
Unknown setting mailerflags
Unknown setting mailfrom
Unknown setting mailsub
Unknown setting mailto
Unknown setting maxseq
Unknown setting netgroup_tuple
Unknown setting noexec
Unknown setting noexec_file
Unknown setting noninteractive_auth
Unknown setting pam_acct_mgmt
Unknown setting pam_askpass_service
Unknown setting pam_login_service
Unknown setting pam_rhost
Unknown setting pam_ruser
Unknown setting pam_service
Unknown setting pam_session
Unknown setting pam_setcred
Unknown setting pam_silent
Unknown setting passprompt
Unknown setting passprompt_override
Unknown setting passprompt_regex
Unknown setting passwd_timeout
Unknown setting path_info
Unknown setting preserve_groups
Unknown setting requiretty
Unknown setting restricted_env_file
Unknown setting rlimit_as
Unknown setting rlimit_core
Unknown setting rlimit_cpu
Unknown setting rlimit_data
Unknown setting rlimit_fsize
Unknown setting rlimit_locks
Unknown setting rlimit_memlock
Unknown setting rlimit_nofile
Unknown setting rlimit_nproc
Unknown setting rlimit_rss
Unknown setting rlimit_stack
Unknown setting role
Unknown setting root_sudo
Unknown setting runas_allow_unknown_id
Unknown setting runas_check_shell
Unknown setting runas_default
Unknown setting runaspw
Unknown setting runchroot
Unknown setting runcwd
Unknown setting selinux
Unknown setting set_home
Unknown setting set_logname
Unknown setting set_utmp
Unknown setting setenv
Unknown setting shell_noargs
Unknown setting stay_setuid
Unknown setting sudoedit_checkdir
Unknown setting sudoedit_follow
Unknown setting sudoers_locale
Unknown setting syslog
Unknown setting syslog_badpri
Unknown setting syslog_goodpri
Unknown setting syslog_maxlen
Unknown setting syslog_pid
Unknown setting targetpw
Unknown setting timestamp_type
Unknown setting timestampdir
Unknown setting timestampowner
Unknown setting tty_tickets
Unknown setting type
Unknown setting umask
Unknown setting umask_override
Unknown setting use_netgroups
Unknown setting user_command_timeouts
Unknown setting utmp_runas
[1]: https://www.baeldung.com/linux/sudo-requiretty-option
[2]: https://autopkgtest.ubuntu.com/packages/c/cinder/questing/amd64
[3]: https://autopkgtest.ubuntu.com/packages/c/glance/questing/amd64
[4]: https://github.com/trifectatechfoundation/sudo-rs/issues?q=is%3Aissue%20state%3Aopen%20requiretty
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2120708/+subscriptions
More information about the foundations-bugs
mailing list