Back to Changelog
v1.0.323
Full-SSH (sshfull) sudoers self-heal on every backend startup (SH-013): fixes sudo denied after binary-only updates or server migrations.
Improvement
1- Sudoers self-heal is guarded and idempotent: if the rule is already present (fresh install or operator-customised file), the file is never rewritten and custom rules are preserved; only the file mode is normalised to 0440 if it drifted.
Bug Fixes
2- Full-SSH (sshfull) login now works correctly after binary-only updates or server migrations: the NOPASSWD pn-cgroup-shell sudoers rule is guaranteed on every backend startup (SH-013 idempotent self-heal, visudo-validated, atomic rename — a malformed rule can never reach /etc/sudoers.d).
- Eliminated the "user is not allowed to run sudo" error that sshfull users received on hosts that were updated via package apply or migrated via rsync, because the fresh-installer-only sudoers rule was never carried by the binary.