[Bug 1781991] Re: libsss-sudo.postinst clobbers local change to /etc/nsswitch.conf

Andreas Hasenack andreas at canonical.com
Tue May 28 14:19:35 UTC 2019

** Description changed:

- I have reported this bug to Debian, but this applies equally to Ubuntu.
- Please see the Debian bug report for details.
+ [Impact] 
+ The libsss-sudo package insists on inserting a "sudoers: files sss" configuration line into /etc/nsswitch.conf at install time and every upgrade after that. If the line already exists and has no "sss" component, the postinst adds that.
+ This behavior ignores changes the user might have done. For example,
+ some users remove "sss", like seen in bug #1249777. At the next upgrade,
+ libsss-sudo will just add it back again.
+ The proposed fix here is already applied in debian and later ubuntu
+ releases, and only triggers the nsswitch.conf check on first install.
+ [Test Case]
+  * detailed instructions how to reproduce the bug
+  * these should allow someone who is not familiar with the affected
+    package to reproduce the bug and verify that the updated package fixes
+    the problem.
+ [Regression Potential]
+  * discussion of how regressions are most likely to manifest as a result
+ of this change.
+  * It is assumed that any SRU candidate patch is well-tested before
+    upload and has a low overall risk of regression, but it's important
+    to make the effort to think about what ''could'' happen in the
+    event of a regression.
+  * This both shows the SRU team that the risks have been considered,
+    and provides guidance to testers in regression-testing the SRU.
+ [Other Info]
+  * Anything else you think is useful to include
+  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
+  * and address these questions in advance

You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to sssd in Ubuntu.

  libsss-sudo.postinst clobbers local change to /etc/nsswitch.conf

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list