systemd hostnamectl changes hostname without sudo

genogebot · 10-26-2016, 03:00 PM

If I want to change the hostname on one of my Xubuntu 16.04.1 installations I usually edit /etc/hostname and /etc/hosts, which requires doing the usual 'sudo' to access the files in write mode as both have '-rw-r--r-' permissions.

I recently saw reference to the systemd command 'hostnamectl' which changes the environment variable and edits /etc/hostname at the same time, but I have found that it does not require 'sudo'. I can just enter 'hostnamectl set-hostname <whatever>' in a terminal and the string in /etc/hostname has been changed, without ever being asked for a password.

Is hostnamectl supposed to do that? It means anyone can change the hostname without root access. Surely this should require an admin password to do that.

jefro · 10-26-2016, 04:30 PM

When I see this I assume that the user has been granted some higher level permission. You'd have to check on that to be sure. I get the feeling that you are not changing the traditional host name.

Look at this for some tips.
https://www.freedesktop.org/software...stnamectl.html

http://www.cyberciti.biz/faq/rhel-re...tname-command/

genogebot · 10-26-2016, 05:49 PM

Quote:

Originally Posted by jefro

When I see this I assume that the user has been granted some higher level permission. You'd have to check on that to be sure. I get the feeling that you are not changing the traditional host name.

I thought the same thing, that somehow I had messed up the permissions, but I can't find anything to support that premise. Just to be sure, though, I performed a fresh unmodified install of Xubuntu 16.04.1 onto an old hard drive, and the same situation occurred on first boot - no password is required to change the hostname through hostnamectl. As to the 'traditional host name', hostnamectl is changing the text in /etc/hostname, and I thought that was the reference for the systems's hostname.

Code:

phil@Xubuntu-Development:~$ hostname
Xubuntu-Development
phil@Xubuntu-Development:~$ cat /etc/hostname
Xubuntu-Development
phil@Xubuntu-Development:~$ hostnamectl set-hostname Xubuntu-Whatever
phil@Xubuntu-Development:~$ hostname
Xubuntu-Whatever
phil@Xubuntu-Development:~$ cat /etc/hostname
Xubuntu-Whatever
phil@Xubuntu-Development:~$ hostnamectl set-hostname Xubuntu-Development
phil@Xubuntu-Development:~$ hostname
Xubuntu-Development
phil@Xubuntu-Development:~$ cat /etc/hostname
Xubuntu-Development

I also tried one of my Linux Mint 18 Mate installations on a different computer, and again hostnamectl does not require a password to rewrite /etc/hostname. At the moment I'm inclined to think this is a bug in either systemd or Ubuntu's implementation of systemd.

Jjanel · 10-26-2016, 06:03 PM

Wow! "If it's too good|bad to be true, it probably isn't [true]"! Maybe post output of:

ls -l `which hostnamectl`
sum /usr/bin/hostnamectl
dpkg -V systemd

genogebot · 10-26-2016, 06:11 PM

Quote:

Originally Posted by Jjanel

Wow! "If it's too good|bad to be true, it probably isn't [true]"! Maybe post output of:

ls -l `which hostnamectl`
sum /usr/bin/hostnamectl
dpkg -V systemd

Speak, and it shall be done

:

Code:

$ ls -l `which hostnamectl`
-rwxr-xr-x 1 root root 294096 Oct  5 10:13 /usr/bin/hostnamectl
$ sum /usr/bin/hostnamectl
29693   288
$ dpkg -V systemd
??5?????? c /etc/systemd/system.conf
??5?????? c /etc/systemd/timesyncd.conf
??5?????? c /etc/systemd/journald.conf

Code:

$ debsums systemd | grep hostnamectl
/usr/bin/hostnamectl                                                          OK
/usr/share/bash-completion/completions/hostnamectl                            OK
/usr/share/man/man1/hostnamectl.1.gz                                          OK
/usr/share/zsh/vendor-completions/_hostnamectl                                OK

Jjanel · 10-26-2016, 06:35 PM

file /usr/bin/hostnamectl
will probably say 64bit; mine is 32bit, but it's probably ok [because]
I tried [strace then] ltrace -S -f -o xx [sudo] hostnamectl set-hostname whatever
*BUT* it 'talks' over socket to Dbus, so I have no idea how to trace the systemd 'MONSTER' & gave up.
No idea on the dpkg -V 'errors[?]' ... Over to next LQ 'hacker'

"Crash Systemd in One Line as Any User"

genogebot · 10-26-2016, 06:39 PM

Quote:

Originally Posted by Jjanel

file /usr/bin/hostnamectl
will probably say 64bit; mine is 32bit, but it's probably ok [because]
I tried [strace then] ltrace -S -f -o xx [sudo] hostnamectl set-hostname whatever
*BUT* it 'talks' over socket to Dbus, so I have no idea how to trace the systemd 'MONSTER' & gave up.
No idea on the dpkg -V 'errors[?]' ... Over to next LQ 'hacker'

Yeah, I tried tracing the calls when I was first investigating this, and I hit the same wall.

I was trying to see at what point /etc/hostname was modified, but I couldn't find any reference to that file in the output, so I just moved on.

Emerson · 10-26-2016, 06:55 PM

It is true! I have a little domesticated Mint in a VM to support friends who run *buntus. User definitely can change the hostname without elevated rights.

jefro · 10-26-2016, 07:12 PM

Find the command and change file based permissions. ???

Another systemd bug. ??

genogebot · 10-26-2016, 08:01 PM

Ok, on the (possibly incorrect) assumption that this is a bug in Ubuntu, I filed a bug report at https://bugs.launchpad.net/ubuntu/+s...d/+bug/1637030. The bug reporting system made it 'private' because it is security-related. Presumably that will change.

Emerson · 10-26-2016, 08:04 PM

I have RPi here running Raspbian (Debian) for Agocontrol. I tried to change the hostname as unprivileged user and was asked to authenticate.

genogebot · 10-26-2016, 08:06 PM

Quote:

Originally Posted by Emerson

I have RPi here running Raspbian (Debian) for Agocontrol. I tried to change the hostname as unprivileged user and was asked to authenticate.

Thanks, that reinforces the view that this is an Ubuntu systemd implementation bug.

Timothy Miller · 10-26-2016, 08:11 PM

Quote:

Originally Posted by genogebot

Thanks, that reinforces the view that this is an Ubuntu systemd implementation bug.

Yup, I can confirm on my Debian laptop that it asks for authentication when trying it as an unprivileged user.

edit: also tried on one of my Arch linux machines, and was prompted when attempting as a non-privileged user.

genogebot · 10-26-2016, 11:38 PM

Quote:

Originally Posted by Jjanel

it 'talks' over socket to Dbus, so I have no idea how to trace the systemd 'MONSTER'

I followed the info at https://wiki.ubuntu.com/DebuggingDBus - specifically the part about 'How to monitor the system bus'. I did the modification on the old hard drive installation of Xubuntu 16.04.1 and did

Code:

sudo dbus-monitor --system > dbus-mon.txt

then in another terminal did

Code:

hostnamectl set-hostname Xubuntu-Bad

This produced a 60kB file containing a lot of method call debug text such as:

Code:

method call time=1477537351.012853 sender=:1.66 -> destination=org.freedesktop.hostname1 serial=4 path=/org/freedesktop/hostname1; interface=org.freedesktop.hostname1; member=SetHostname
   string "Xubuntu-Bad"
   boolean true

So if you ever want to trace dbus, maybe that's the way to do it.

Was it helpful? Not in the least

Not yet, anyway. I'm still digging through it.

I did see (at https://www.freedesktop.org/wiki/Software/systemd/dbus/ this:

Quote:

Security

Read access is generally granted to all clients, but changes may only be made by privileged clients. PolicyKit is not used by this service, and access controlled exclusively via the D-Bus policy enforcement.

So perhaps the problem lies in Ubuntu's dbus security configuration.

Jjanel · 12-16-2016, 04:23 AM

Your bug got 'resolved'[?]. Is your polkit hostname1 same as github? (sudo[?])