[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Changed in: sudo (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Changed in: sudo (Debian) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Changed in: sudo (Debian) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
This bug was fixed in the package sssd - 2.3.1-3 --- sssd (2.3.1-3) unstable; urgency=medium * control: Move libsss-sudo to sssd-common Suggests. (LP: #1249777) -- Timo Aaltonen Tue, 06 Oct 2020 15:56:19 +0300 ** Changed in: sssd (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
i solved following the last answer in this post: https://superuser.com/questions/1086152/sudo-sending-annoying-alerts-issue-with-defaults-entries adding ssh and sudo to the services option in the sssd section of sssd.conf worked for me: ### sssd.conf [sssd] services = nss, sudo, pam, ssh i'm not using freeipa so i don't know if the freeipa-clients install problem reported in the cited post still persist. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Tilman Schmidt, thank you for identifying the two separate issues. Your assessment seems reasonable. Let's use this bug to track the original issue. For the separate matter of local changes to /etc/nsswitch.conf being clobbered on package upgrade, I've filed bug 1781991 and a corresponding bug in Debian. Hopefully as soon as that bug is fixed, the workaround for this bug will continue to work following package upgrades. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Confirm, that solution from #19 works on Ubuntu 16.04 only until next update, after each update I need to change file manually again! Please provide solution for remove this option permanently! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Launchpad has imported 2 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=879633.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
On 2012-11-23T14:14:24+00:00 Pavel wrote:
Created attachment 650460
proposed patch
Description of problem:
When sudo is used with sssd and a local user runs sudo, an e-mail is sent to
administrator, because sssd does not support sudo rules for local users. It is
not an error, only noise.
Version-Release number of selected component (if applicable):
sudo-1.8.6p3-1
Steps to Reproduce:
1. configure sudo to use sssd as data source ('sudoers: files sss' in
/etc/nsswitch.conf
2. run sssd
3. log in as local user
4. run 'sudo -l' as local user
Actual results:
E-mail is sent to administrator:
"problem with defaults entries ; TTY=pts/2 ; PWD=/home/fuero"
Expected results:
No e-mail is sent.
Additional info:
>From sudo logs:
Nov 23 15:06:27 sudo[18514] -> sudo_sss_setdefs @ ./sssd.c:331
Nov 23 15:06:27 sudo[18514] Looking for cn=defaults
Nov 23 15:06:27 sudo[18514] The user was not found in SSSD.
Nov 23 15:06:27 sudo[18514] <- sudo_sss_setdefs @ ./sssd.c:348 := -1
Nov 23 15:06:27 sudo[18514] -> log_error @ ./logging.c:473
Nov 23 15:06:27 sudo[18514] -> vlog_error @ ./logging.c:421
Nov 23 15:06:27 sudo[18514] -> set_perms @ ./set_perms.c:116
Nov 23 15:06:27 sudo[18514] set_perms: PERM_ROOT: uid: [0, 0, 0] -> [0, 0, 0]
Nov 23 15:06:27 sudo[18514] -> sudo_grlist_addref @ ./pwutil.c:770
Nov 23 15:06:27 sudo[18514] <- sudo_grlist_addref @ ./pwutil.c:772
Nov 23 15:06:27 sudo[18514] <- set_perms @ ./set_perms.c:350 := true
Nov 23 15:06:27 sudo[18514] -> new_logline @ ./logging.c:746
Nov 23 15:06:27 sudo[18514] <- new_logline @ ./logging.c:867 := problem with
defaults entries ; TTY=pts/3 ; PWD=/home/pbrezina ;
Nov 23 15:06:27 sudo[18514] -> send_mail @ ./logging.c:524
Nov 23 15:06:27 sudo[18514] -> do_syslog @ ./logging.c:138
Reply at:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/comments/0
On 2013-02-21T09:45:04+00:00 errata-xmlrpc wrote:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHBA-2013-0363.html
Reply at:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/comments/1
** Changed in: sudo (Fedora)
Status: Unknown => Fix Released
** Changed in: sudo (Fedora)
Importance: Unknown => Undecided
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1249777
Title:
libsss-sudo generated nsswitch.conf leads to error messages upon sudo
invocation
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
IMHO we have two separate issues here, both of which need to be addressed: First, and most important, installing an update for the sssd package MUST NOT revert an intentional local configuration change. If you insist in adding `sss` to the `sudoers` line in nsswitch.conf on initial installation, you'll need to do it in such a way that it *only* happens on initial installation, and not on every update. Second, sssd should handle that configuration more gracefully, as proposed by 4tro in comment #24. But the first issue is the much more urgent one. In a company environment you must be able to rely on updates not to destroy your local configuration. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Imho, the correct fix here would be to just not fail on not getting sudoers rights from the LDAP. (correctly detecting this specific issue of course) This leaves sudo through sssd enabled for that "minority" of users (the minority probably being companies) Also, when enabling it again, people would still be faced with that error until they add rules on LDAP -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Worse, even if I remove the `sss` entry on the `sudoers` line as suggested, every update of the `sssd` package adds it back again. My preferred solution by far is solution 3) from comment #2 on 2013-11-12. At the very least, updating a package should not kill a manual configuration change. Re comments #14, #15, and #16, this is not a problem of freeipa. It occurs with plain sssd, too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Changed in: sudo (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Bug watch added: Debian Bug tracker #793660 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793660 ** Also affects: sudo (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793660 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
16.04, vanilla install with sssd pointing at LDAP, the issue is still here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
@athompso, seems to work fine here on 16.04. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Confirming that this problem still affects 16.04 LTS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
My workaround is to replace sudoers:files sss with sudoers:files in /etc/nsswitch.conf because I do not use the SSS configuration for sudo, just for AD. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
My testing so far hasn't turned up any issues with 1.11.7, I'd be quite pleased to see it land in -updates if you're happy with that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
enables sudo in sssd.conf sssd has MRE, so maybe it's time to push 1.11.7 to -updates.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
So, the ipa-client-install script is fixed in 4.x so that it either doesn't add sudoers to nsswitch.conf, or does enable sudo in sssd.conf? I did indeed have problems finding rules using sssd-1.11.5-1ubuntu3 against FreeIPA server 4.1.2, I'm testing now using your sssd-1.11.7-1~trusty1 packages from ppa:sssd/updates and things seem a lot happier. Is it just a matter of mis-matched LDAP queries that I could track down and override in sssd.conf, or are there more substantial problems your're aware of with the sssd version in Trusty? I'm spinning all this up as a test for a potentially larger migration, and would prefer to stick with LTS packages if possible. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
you need freeipa-client 4.x for proper sudo integration, vivid has that -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Also affects: sudo (Ubuntu) Importance: Undecided Status: New ** Changed in: sudo (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Well, darn, I seem to have screwed up the status for the sudo package, and now Launchpad won't let me change it back. ** No longer affects: sudo (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Sorry for the noise. Working through this, it's probably a config issue. On joining a host via freeipa-client-install, nsswitch.conf is updated to add sss to sudoers, however sssd.conf is *not* created with services = sudo, so every sudo call gets a hard error trying to look up the defaults entry. As soon as sudo is added to the sssd services list, the spurious emails go away, even if there's no cn=defaults in the IPA directory. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
As a workaround that doesn't require changing /etc/nsswitch.conf, you can also explicitely disable sudo support for your sssd domain : [sssd] services = nss, pam, sudo [mydomain/LDAP] sudo_provider = none -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
lowering importance, you can remove the package if sudo integration isn't used ** Changed in: sssd (Ubuntu) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
I have the same problem with trusty 14.04 apt-cache policy sudo sudo: Installed: 1.8.9p5-1ubuntu1 Candidate: 1.8.9p5-1ubuntu1 Version table: *** 1.8.9p5-1ubuntu1 0 500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status ** Attachment added: sudo_debug https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+attachment/4139663/+files/sudo_debug -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Sudo in 14.04 is based on 1.8.9p5, which already has that patch from RHBZ.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
And what do you mean sudo didn't change since raring? It's true that saucy has same 1.8.6p3 as raring, but 14.04 has a newer version.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Hi Timo, please notice the timestamp of the comment in which I said that sudo didn't change. I didn't run Trusty back then. It was just to point out that the error did not occur in Raring, but sudo hadn't changed, so it could not have introduced the error. But I can also confirm that the error still occurs with 14.04: antares : May 3 13:30:18 : oliver : problem with defaults entries ; TTY=pts/22 ; PWD=/home/oliver ; $ apt-cache policy sudo sudo: Installed: 1.8.9p5-1ubuntu1 That version indeed has the fix from RH BZ. But I've only now seen the patch that was attached to the bug. If you look at my debug trace above, it says that sss_error is 32570 (which probably isn't the error code for ENOENT). Then take a look at the diff from RH BZ again. In the last line, they didn't change the -1 to 0 as they did a few lines above that, so if sss_error is neither ENOENT nor 0, they return -1, which sudo doesn't understand. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
nope, spoke to soon. I just tested a build with the second debug_return_int(-1) changed to debug_return_int(0) and the error still occurs. No idea then, sorry :/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
oh right, this was opened last year.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
** Bug watch added: Red Hat Bugzilla #879633 https://bugzilla.redhat.com/show_bug.cgi?id=879633 ** Also affects: sudo (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=879633 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
I can confirm this on 14.04 and I also get the message regardless if it's a local or network user who runs sudo. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: sssd (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
I know that the sudo package did not change _at all_ since Raring, where the problem didn't show up. sssd on the other hand changed quite a lot. It affects both local and LDAP users. I don't have any sudo config in LDAP, which is probably the problem. What I believe happens is that either or both of sudo and sssd do not correctly cope with the situation of the sudo configuration not being available in the sssd backing store. Sudo asks sssd for the cn=defaults entry from LDAP, sssd looks for it, doesn't find anything and returns an error. Sudo sees the error and complains. I can come up with three possible solutions: 1) patch sudo to not log a message when sssd returns an error. = probably not the best solution, since we may miss real errors, too. 2) patch sssd to not return an error when the configuration isn't found. = probably slightly better than (1), but we still might miss real errors (I think). BTW, the offending code starts here: https://git.fedorahosted.org/cgit/sssd.git/tree/src/sss_client/sudo/sss_sudo.c#n109 3) patch the sssd package to not alter the nsswitch.conf. = this is probably the best solution. I think the people that store the sudo config in LDAP are quite the minority. I also think that those people know that they need to modify their nsswitch.conf for their configuration to work. Goes a bit against the spirit of Ubuntu, though. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1249777] Re: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation
The issue filed in RHBZ was affecting local users (as in, present in /etc/passwd) who invoked sudo rules stored in LDAP. Is that your case? Anyhow, this smells more like a sudo issue rather than sssd.. (I'm not dismissing the problem, just saying..) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1249777 Title: libsss-sudo generated nsswitch.conf leads to error messages upon sudo invocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
