[sudo-users] sudo change is behavior between RHEL6.5 and RHEL 6.6

SERIEYE, Yan yan.serieye at sfr.com
Thu May 26 13:06:51 MDT 2016


I have already done that but for now i don't get any answer. 

And by the way  my  ldap implementation is not working  on ubuntu either  with  sudo 1.8.9p5.

I think that what we implement was only valid on the redhat 6.5 version (I didn't find any trace of a sudo_sss_filter_sudoUser function in the official code the patch   replace  it with the official sudo_sss_filter_user_netgroup).

I'd like to refactor my implementation be "official sudo" compatible.

That why I wanted to know what my options are :
- transforming my users group into users netgroup
- keep my non unix users group and find a way to make it work ( may be with group_plugin but i don't clearly understand how it work) ?
- other idea ?


Yan 



-----Message d'origine-----
De : Todd C. Miller [mailto:Todd.Miller at courtesan.com] 
Envoyé : jeudi 26 mai 2016 19:07
À : SERIEYE, Yan
Cc : sudo-users at sudo.ws
Objet : Re: [sudo-users] sudo change is behavior between RHEL6.5 and RHEL 6.6

On Thu, 26 May 2016 16:38:12 -0000, "SERIEYE, Yan" wrote:

> We use sudo with SSSD in order to get sudo right that are stored in an active
>  directory.
> 
> My user yserieye is Member of   a certain number of groups that begin with SU
> DO_*  and is Primary group is ING800 (GUID=10001).
> SUDO_* group are not Unix group
> 
> In my Ldap Sudoers Rules I put sudoUser=%SUDO_XXXX.
> 
> On redhat 6.5 version of sudo is 1.8.6p3, it worked fine my user yserieye mat
> ches the Rules where  sudoUser is a  group he belongs to.
> 
> But since redhat 6.6 which use the same version with a few patch it doesn't w
> ork any more.

Since this is a redhat-specific patch I think you'll need to file
a bug with them.

 - todd


More information about the sudo-users mailing list