[sudo-users] Sudo + sssd + active directory + netgroup (nisNetgroupTriple) different behavior in different sudo versions
Jan Rendos
jan.rendos at qnective.com
Thu Nov 10 08:40:22 MST 2016
It might be the same bug.
but when I edit the SUDOrole object and add !fqdn to sudoOption it has no effect. It still tries to compare FQDN with the nisNetgroupTriple.
And what about the other issue that sudo tries to compare the user in the triple as well? I think it should match when the user part of triple is empty since the user matches the SUDOrole already.
Thanks,
Jan
________________________________
From: Todd C. Miller <Todd.Miller at courtesan.com>
Sent: 10 November 2016 14:52
To: Jan Rendos
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Sudo + sssd + active directory + netgroup (nisNetgroupTriple) different behavior in different sudo versions
That sounds like this bug: https://bugzilla.sudo.ws/show_bug.cgi?id=757
It was fixed in sudo 1.8.18 but Ubuntu 16.06 ships with sudo 1.8.16.
As a workaround you can disable the fqdn option. For example:
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: !fqdn
More information about the sudo-users
mailing list