Ask Your Question

Is the file /etc/sudoers.d/50_stack_sh needed anytime after installation of grizzly openstack?

asked 2014-01-06 12:47:48 -0600

Jobin gravatar image

updated 2014-01-06 12:58:32 -0600

I see that installing grizzly openstack using devstack on Ubuntu 12.10 creates a file /etc/sudoers.d/50_stack_sh, the contents of which are as follows:

jobin ALL=(root) NOPASSWD:ALL
Defaults:jobin secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin

This removes the password prompt for all commands I run on my system, which I consider a bit dangerous for the security of the system.

I would like to know if I remove this file once the installation is complete(I feel this file is solely created to remove password prompts while installing, please correct me I am wrong).

Is it fine to delete /etc/sudoers.d/50_stack_sh after the installation in successfully complete? If not, is there a way I can restore password prompts to my user?

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted

answered 2014-01-10 16:45:42 -0600

dtroyer gravatar image

You can delete it and will be answering password prompts afterward, but I can't guarantee that you will see them all, i.e. sudo may be used in a background task.

The bigger question I have is why are you concerned about this on a DevStack machine? If security is a concern beyond testing or validation of code you shouldn't be running DevStack on that machine in the first place. There is a reason we strongly encourage DevStack to be used in disposable VMs, as it is designed more for developer convenience than security.


"Friends don't let friends use DevStack in production."

edit flag offensive delete link more


Oh yes, I better install it as a VM. Thanks dtroyer!

Jobin gravatar imageJobin ( 2014-01-12 21:09:11 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-01-06 12:47:48 -0600

Seen: 994 times

Last updated: Jan 10 '14