group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1781991] Re: libsss-sudo.postinst clobbers local change to /etc/nsswitch.conf

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1781991@xxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Jun 2019 16:12:20 -0000
Reply-to: Bug 1781991 <1781991@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package sssd - 1.16.1-1ubuntu1.3

---------------
sssd (1.16.1-1ubuntu1.3) bionic; urgency=medium

  * d/libsss-sudo.postinst: Add sss entry to nsswitch only on initial install.
    Thanks to Timo Aaltonen <tjaalton@xxxxxxxxxx> (LP: #1781991)

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Tue, 28 May 2019 10:52:13
-0300

** Changed in: sssd (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1781991

Title:
  libsss-sudo.postinst clobbers local change to /etc/nsswitch.conf

Status in sssd package in Ubuntu:
  Fix Released
Status in sssd source package in Xenial:
  Fix Released
Status in sssd source package in Bionic:
  Fix Released
Status in sssd package in Debian:
  Fix Released

Bug description:
  [Impact]
  The libsss-sudo package insists on inserting a "sudoers: files sss" configuration line into /etc/nsswitch.conf at install time and every upgrade after that. If the line already exists and has no "sss" component, the postinst adds that.

  This behavior ignores changes the user might have done. For example,
  some users remove "sss", like seen in bug #1249777. At the next
  upgrade, libsss-sudo will just add it back again.

  The proposed fix here is already applied in debian and later ubuntu
  releases, and only triggers the nsswitch.conf check on first install.

  [Test Case]

  * Install libsss-sudo:
  $ sudo apt install libsss-sudo

  * Verify the sudoers line with sss was added to /etc/nsswitch.conf:
  $ grep ^sudoers /etc/nsswitch.conf
  sudoers:        files sss

  * Remove sss from that line, so it becomes:
  $ grep ^sudoers /etc/nsswitch.conf
  sudoers:        files

  * Reinstall the package (or upgrade to a package without the fix):
  sudo apt install --reinstall libsss-sudo

  * Without the fix, sss will be back:
  $ grep ^sudoers /etc/nsswitch.conf
  sudoers:        files sss

  * With the fixed package, the line will remain as you left it before, without sss:
  $ grep ^sudoers /etc/nsswitch.conf
  sudoers:        files

  [Regression Potential]
  Someone could perhaps be surprised that reinstalling the package won't make it "work again", in the case they removed "sss" from the sudoers line in /etc/nsswitch.conf and expected a reinstallation to fix it.

  [Other Info]
  One could argue that if the user doesn't want to use sudo with sss, then why install libsss-sudo?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1781991/+subscriptions