[sudo-users] Warning email when listing sudo perms

Paul Cantle paul at cantle.me
Wed Dec 2 13:52:01 MST 2015


Doesn’t seem to be the case with sssd. 

I already have a root sudoRole (apologies, I referenced it as a “container” in my original email) and it was populated with some sudoAttributes, etc. I have cleared all sudo* attributes from it and restarted sssd.

Now it looks like this:

sudoCommand = NULL
sudoHost = NULL
sudoNotAfter = NULL
sudoNotBefore = NULL
SudoOption = NULL
sudoOrder = NULL
sudoRunAs = NULL
sudoRunAsGroup = NULL
sudoRunAsUser = NULL
sudoUser = NULL

I executed a sudo -l (as root).

I still got the warning mail and the following still appears in the debug log:

Dec  2 20:48:07 sudo[23093] sudo_sss_lookup(52)=0x62



On 02/12/2015, 20:39, "Todd C. Miller" <Todd.Miller at courtesan.com> wrote:

>On Wed, 02 Dec 2015 13:18:57 -0700, "Todd C. Miller" wrote:
>> OK, that confirms it--the flags for no such user and no such host
>> are set.  I don't think there is a configuration workaround for
>> this.
>Actually, just adding a sudoRole for root would avoid the problem.
>For the LDAP backend a sudoRole with no sudoCommand does the trick.
>I would expect it to work for SSSD as well.
> - todd

