On 08.11.2014 21:35, Andreas Beckmann wrote: > BTW, isn't doing that in the postrm too late anyway? Shouldn't that be > removed already by "prerm remove"? With the postrm approach there is a > small timespan where sudo could fail: the libsss library is already > removed, but still referenced in /etc/nsswitch.conf. (And in the worst > case the machine crashes at that moment - rebooting with a broken > sudoers configuration in /etc/nsswitch.conf)
It doesn't matter, sudo works just fine if there are leftovers on the sudoers entry. It might complain though, but not break. > You could append this to your postrm sed script to remove sudoer: files > after disabling sss > > /^sudoers: files$/d > > Or is there any other source that could add a sudoers line to > /etc/nsswitch.conf? I've added a snippet to remove sudoers: if the line ends with 'files'. > Also note that your postinst script has misleading comments talking > about passwd, group, etc. lines being modified. fixed > Also the following sequence does not enable sss for sudoers: > > apt-get install libsss-sudo # sss gets enabled > apt-get remove libsss-sudo # sss gets disabled, don't purge > apt-get install libsss-sudo # goes the "upgrade, nothing to do" branch fixed by running insert_nss_entry unconditionally, since it has sanity checks in place anyway. -- t -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org