Public bug reported:

Description:    Ubuntu 20.04.5 LTS
Release:        20.04

apt-cache policy sudo-ldap
sudo-ldap:
  Installed: 1.8.31-1ubuntu1.4
  Candidate: 1.8.31-1ubuntu1.4
  Version table:
 *** 1.8.31-1ubuntu1.4 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.8.31-1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages

In case sudo is managed via the sssd service, an update of the sudo-ldap package removes the sss entry from nsswitch.conf, which causes sudo to no longer work against sssd (ldap/AD).
The /etc/nsswitch.conf needs to be adapted (via root). In some scenarios, when sudo does not work anymore, this can become a chicken-and-egg problem.

The postinst routine should respect sssd or any other previously configured entry(ies), and pushing static hardcoded conf options without further checking should be prevented.

before update:
/etc/nsswitch.conf
    ...
    sudoers: files sss
    ...

after update:
/etc/nsswitch.conf
    ...
    sudoers: files ldap
    ...

The change is pushed via the post install routine:

cat /var/lib/dpkg/info/sudo-ldap.postinst
    ...
    # modify nsswitch.conf if needed
    if [ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ]
    then
      echo "sudoers: files ldap" >> /etc/nsswitch.conf
    fi
    ...

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: nsswitch sssd sudo-ldap

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2003337

Title:
  update removes sss entry from nsswitch.conf

Status in sudo package in Ubuntu:
  New
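
One way a maintainer script could meet the report's request to respect an existing sudoers entry, together with a post-upgrade check an administrator can run while a root shell is still open. This is an added example, not code from the sudo-ldap package; the function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example, not the package's maintainer script. Function names and
# the constructed sample files are assumptions for illustration.

# Print the sources on the first "sudoers:" line of file $1 (empty if none).
sudoers_sources() {
    sed -n 's/^[[:space:]]*sudoers:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | head -n 1
}

# Append "sudoers: files <src>" to $1 only when no sudoers line exists.
# Prints "kept" or "added"; an existing line such as "files sss" is untouched.
ensure_sudoers() {
    conf=$1; src=$2
    if grep -Eq '^[[:space:]]*sudoers:' "$conf"; then
        echo kept
        return 0
    fi
    # Do not glue the new entry onto an unterminated last line.
    if [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi
    printf 'sudoers: files %s\n' "$src" >> "$conf"
    echo added
}

# Succeed only if the sudoers sources in snapshot $1 equal those in $2.
# Run after an upgrade, while a root shell is still open.
sudoers_unchanged() {
    [ "$(sudoers_sources "$1")" = "$(sudoers_sources "$2")" ]
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: an sssd-managed host, as in the report.
    printf 'passwd: files sss\nsudoers: files sss\n' > "$dir/nsswitch.conf"
    cp "$dir/nsswitch.conf" "$dir/before"
    echo "existing entry: $(ensure_sudoers "$dir/nsswitch.conf" ldap)"
    if sudoers_unchanged "$dir/before" "$dir/nsswitch.conf"; then
        echo "sudoers sources preserved: $(sudoers_sources "$dir/nsswitch.conf")"
    else
        echo "sudoers sources changed; fix before closing the root shell"
    fi
    rm -rf "$dir"
}
demo
```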