[Bug 2003337] Re: update removes sss entry from nsswitch.conf
nean
2003337 at bugs.launchpad.net
Thu Apr 13 14:39:58 UTC 2023
hard-coded overwrite of "/etc/nsswitch.conf" from sudo-ldap package
conflicts with sssd!
--
https://bugs.launchpad.net/bugs/2003337
Title:
update removes sss entry from nsswitch.conf
Status in sudo package in Ubuntu:
New
Bug description:
Description: Ubuntu 20.04.5 LTS
Release: 20.04
apt-cache policy sudo-ldap
sudo-ldap:
  Installed: 1.8.31-1ubuntu1.4
  Candidate: 1.8.31-1ubuntu1.4
  Version table:
 *** 1.8.31-1ubuntu1.4 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.8.31-1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
When sudo is managed via the sssd service, an update of the sudo-ldap package removes the sss entry from nsswitch.conf, which causes sudo to stop working against sssd (ldap/AD).
The /etc/nsswitch.conf needs to be adapted (via root) in some
scenarios; when sudo does not work anymore, this can become a
chicken-and-egg problem.
The postinst routine should respect sssd or any other previously
configured entries, and pushing static hardcoded conf options
without further checking should be prevented.
before update:
/etc/nsswitch.conf
...
sudoers: files sss
...
after update:
/etc/nsswitch.conf
...
sudoers: files ldap
...
The change is pushed via post install routine:
cat /var/lib/dpkg/info/sudo-ldap.postinst
...
# modify nsswitch.conf if needed
if [ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ]
then
    echo "sudoers: files ldap" >> /etc/nsswitch.conf
fi
...
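
A check for the lock-out risk described in this report, as an added example that is not part of the bug report or of the sudo-ldap package: it compares the sudoers line of a saved copy of nsswitch.conf with the current file and reports every source that disappeared. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Print the sources on the "sudoers:" line of nsswitch-style file $1, one per
# line. Comments and bracketed actions such as [NOTFOUND=return] are dropped.
sudoers_sources() {
    sed -n -e 's/#.*//' -e 's/\[[^]]*]//g' \
        -e 's/^[[:space:]]*sudoers:[[:space:]]*//p' "$1" |
        tr -s '[:space:]' '\n' | grep -v '^$'
}

# Succeed only if source $2 is listed on the sudoers line of file $1.
has_sudoers_source() {
    sudoers_sources "$1" | grep -qxF -- "$2"
}

# Compare a copy saved before the upgrade ($1) with the current file ($2).
# Reports each source that disappeared; returns 1 if any did.
check_after_upgrade() {
    rc=0
    for src in $(sudoers_sources "$1"); do
        if ! has_sudoers_source "$2" "$src"; then
            echo "sudoers source '$src' is no longer listed in $2"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files using the two sudoers lines quoted in the report.
demo_dir=$(mktemp -d)
printf 'passwd: files sss\nsudoers: files sss\n' > "$demo_dir/before"
printf 'passwd: files sss\nsudoers: files ldap\n' > "$demo_dir/after"
check_after_upgrade "$demo_dir/before" "$demo_dir/after" ||
    echo "restore the sudoers line while a root shell is still open"
rm -rf "$demo_dir"
```

On a real system the first argument would be a copy of /etc/nsswitch.conf taken before the package upgrade, and the second the live file.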