Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sudo: 3 incorrect password attempts --> faillock, I expect only 1 incorrect password attempt #1043

Open
adabru opened this issue Dec 1, 2023 · 1 comment
Open

sudo: 3 incorrect password attempts --> faillock, I expect only 1 incorrect password attempt #1043

adabru opened this issue Dec 1, 2023 · 1 comment
Labels
Bug Label for all kind of bugs.

Comments

@adabru
Copy link

adabru commented Dec 1, 2023

Describe the bug

When I'm using sudo in an operation and type the wrong password, I get a faillock and the message sudo: 3 incorrect password attempts. I'd expect only 1 failed attempt so I can check why the password is wrong. I'm using the operation on an arch-linux server.

To Reproduce

deploy.py

from pyinfra.operations import files

files.file("/test", present=True, _sudo=True)

Dockerfile

FROM ubuntu:18.04
RUN apt-get update && \
      apt-get -y install sudo
RUN useradd -m peter && echo "peter:peter" | chpasswd && adduser peter sudo
USER peter
CMD /bin/bash
# docker doesn't work for me at all, it always says 'sudo: a password is required'
docker build -t bug_report .
sudo pyinfra @docker/bug_report deploy.py -vv

# typing the correct password works, but the wrong password will yield 'sudo: 3 incorrect password attempts'
pyinfra my_arch_server deploy.py -vv

Expected behavior

I'd expect something like sudo: 1 incorrect password attempt after using a wrong password.

Meta

  • Include output of pyinfra --support.

    --> Support information:

  If you are having issues with pyinfra or wish to make feature requests, please
  check out the GitHub issues at https://github.com/Fizzadar/pyinfra/issues .
  When adding an issue, be sure to include the following:

  System: Linux
    Platform: Linux-6.6.2-arch1-1-x86_64-with-glibc2.38
    Release: 6.6.2-arch1-1
    Machine: x86_64
  pyinfra: v2.8
  Executable: /home/adabru/.local/bin/pyinfra
  Python: 3.11.6 (CPython, GCC 13.2.1 20230801)

  • How was pyinfra installed (source/pip)? -> pipx install pyinfra

  • Consider including output with -vv and --debug.

sudo pyinfra @docker/bug_report deploy.py -vv 

  --> Loading config...

  --> Loading inventory...

  --> Connecting to hosts...
  localhost: >>> docker container inspect bug_report
  localhost: >>> docker run -d bug_report tail -f /dev/null
      [@docker/bug_report] Connected

  --> Preparing Operations...
      Loading: deploy.py
  [@docker/bug_report] >>> sh -c 'docker exec -i 63f935d8c595c45247509dbb4ef73928426b5b2eec50b92a6c4a564ef559bad8 sh -c '"'"'sudo -H -n sh -c '"'"'"'"'"'"'"'"'! (test -e /test || test -L /test ) || ( stat -c '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'user=%U group=%G mode=%A atime=%X mtime=%Y ctime=%Z size=%s %N'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"' /test 2> /dev/null || stat -f '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'user=%Su group=%Sg mode=%Sp atime=%a mtime=%m ctime=%c size=%z %N%SY'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"' /test )'"'"'"'"'"'"'"'"''"'"''
  [@docker/bug_report] sudo password:
  [@docker/bug_report] >>> env SUDO_ASKPASS=/tmp/pyinfra-sudo-askpass-oWGeKiPOqbvR *** sh -c 'docker exec -i 63f935d8c595c45247509dbb4ef73928426b5b2eec50b92a6c4a564ef559bad8 sh -c '"'"'sudo -H -n sh -c '"'"'"'"'"'"'"'"'! (test -e /test || test -L /test ) || ( stat -c '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'user=%U group=%G mode=%A atime=%X mtime=%Y ctime=%Z size=%s %N'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"' /test 2> /dev/null || stat -f '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'user=%Su group=%Sg mode=%Sp atime=%a mtime=%m ctime=%c size=%z %N%SY'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"' /test )'"'"'"'"'"'"'"'"''"'"''
      [@docker/bug_report] sudo: a password is required
      [@docker/bug_report] Error: could not load fact: files.File path=/test
  localhost: >>> docker commit 63f935d8c595c45247509dbb4ef73928426b5b2eec50b92a6c4a564ef559bad8
  localhost: >>> docker rm -f 63f935d8c595c45247509dbb4ef73928426b5b2eec50b92a6c4a564ef559bad8
      [@docker/bug_report] docker build complete, image ID: 656ba86540a9
  --> pyinfra error: No hosts remaining!

pyinfra adabru deploy.py -vv 

--> Loading config...

--> Loading inventory...

--> Connecting to hosts...
    [adabru] Connected

--> Preparing Operations...
    Loading: deploy.py
[adabru] >>> sudo -H -n sh -c '! (test -e /test || test -L /test ) || ( stat -c '"'"'user=%U group=%G mode=%A atime=%X mtime=%Y ctime=%Z size=%s %N'"'"' /test 2> /dev/null || stat -f '"'"'user=%Su group=%Sg mode=%Sp atime=%a mtime=%m ctime=%c size=%z %N%SY'"'"' /test )'
[adabru] sudo password:
[adabru] >>> env SUDO_ASKPASS=/tmp/pyinfra-sudo-askpass-Xj9hNqVu1DA5 *** sudo -H -A -k sh -c '! (test -e /test || test -L /test ) || ( stat -c '"'"'user=%U group=%G mode=%A atime=%X mtime=%Y ctime=%Z size=%s %N'"'"' /test 2> /dev/null || stat -f '"'"'user=%Su group=%Sg mode=%Sp atime=%a mtime=%m ctime=%c size=%z %N%SY'"'"' /test )'
    [adabru] Sorry, try again.
    [adabru] Sorry, try again.
    [adabru] sudo: 3 incorrect password attempts
    [adabru] Error: could not load fact: files.File path=/test
--> pyinfra error: No hosts remaining!

@adabru adabru added the Bug Label for all kind of bugs. label Dec 1, 2023
@Fizzadar
Copy link
Member

Fizzadar commented Feb 3, 2024

Hm, usually sudo should only do one attempt in non interactive mode. This feels like something arch specific, I’ll try to replicate in docker..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Label for all kind of bugs.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Fizzadar @adabru