[sudo-users] sudo change is behavior between RHEL6.5 and RHEL 6.6
SERIEYE, Yan
yan.serieye at sfr.com
Thu May 26 13:06:51 MDT 2016
I have already done that but for now i don't get any answer.
And by the way my ldap implementation is not working on ubuntu either with sudo 1.8.9p5.
I think that what we implement was only valid on the redhat 6.5 version (I didn't find any trace of a sudo_sss_filter_sudoUser function in the official code the patch replace it with the official sudo_sss_filter_user_netgroup).
I'd like to refactor my implementation be "official sudo" compatible.
That why I wanted to know what my options are :
- transforming my users group into users netgroup
- keep my non unix users group and find a way to make it work ( may be with group_plugin but i don't clearly understand how it work) ?
- other idea ?
Yan
-----Message d'origine-----
De : Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Envoyé : jeudi 26 mai 2016 19:07
À : SERIEYE, Yan
Cc : sudo-users at sudo.ws
Objet : Re: [sudo-users] sudo change is behavior between RHEL6.5 and RHEL 6.6
On Thu, 26 May 2016 16:38:12 -0000, "SERIEYE, Yan" wrote:
> We use sudo with SSSD in order to get sudo right that are stored in an active
> directory.
>
> My user yserieye is Member of a certain number of groups that begin with SU
> DO_* and is Primary group is ING800 (GUID=10001).
> SUDO_* group are not Unix group
>
> In my Ldap Sudoers Rules I put sudoUser=%SUDO_XXXX.
>
> On redhat 6.5 version of sudo is 1.8.6p3, it worked fine my user yserieye mat
> ches the Rules where sudoUser is a group he belongs to.
>
> But since redhat 6.6 which use the same version with a few patch it doesn't w
> ork any more.
Since this is a redhat-specific patch I think you'll need to file
a bug with them.
- todd
More information about the sudo-users
mailing list