[sudo-users] Sudo with SSSD !requiretty being ignored

Miller, Vincent (Rick) vmiller at verisign.com
Fri Aug 3 06:42:00 MDT 2018



On 8/3/18, 5:10 AM, "sudo-users on behalf of Paul Cantle" <sudo-users-bounces at sudo.ws on behalf of paul at cantle.me> wrote:

    Hi Todd,
    
    I must apologise for wasting your time. I think the issue was relating to SSSD caching. This morning I put requiretty back in the defaults container and restarted SSSD across 2 machines (a few times). Then initiated a ssh <machine> sudo ls / and it worked fine. I removed !requiretty from the container containing my user and it gave me the "sudo: sorry, you must have a tty to run sudo" msg.


Hi Paul,

This behavior does indeed sound much like SSSD caching. SSSD caches sudo rules. Deleting the cache after stopping and before restarting removes it, forcing a refresh. Unfortunately, SSSD doesn't include a command line mechanism to clear the cache; it must be manually deleted. On FreeBSD, its location is /var/db/sss/. I believe Linux (particularly Red Hat) may store it at /var/lib/sss/db/.
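
The stop, delete, restart sequence described in this reply, written out as an added example that is not part of the original message. The two cache paths are the ones named above; the `service sssd` invocation, the function names and the `--apply` switch are assumptions.

```shell
#!/bin/sh
# Added example: purge SSSD's on-disk cache so sudo rules (e.g. requiretty)
# are fetched again from the directory instead of being served stale.

# Print the first candidate directory that exists; fail if none does.
find_cache_dir() {
    for d in "$@"; do
        if [ -d "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Delete the regular files directly inside the cache directory.
# The directory itself and any subdirectories are left in place.
purge_cache_dir() {
    dir=$1
    [ -n "$dir" ] && [ -d "$dir" ] || return 1
    for f in "$dir"/*; do
        if [ -f "$f" ]; then
            rm -f -- "$f"
        fi
    done
}

# Stop SSSD, purge the cache, start SSSD again. Must run as root.
# Assumption: the platform provides a service(8) wrapper for sssd.
refresh_sssd_sudo_rules() {
    cache=$(find_cache_dir /var/db/sss /var/lib/sss/db) || {
        echo "no SSSD cache directory found" >&2
        return 1
    }
    service sssd stop || return 1
    purge_cache_dir "$cache"
    service sssd start
}

# Only touch the system when asked to explicitly (hypothetical switch).
if [ "${1:-}" = "--apply" ]; then
    refresh_sssd_sudo_rules
fi
```

The cache also holds the credentials SSSD uses for offline logins, so purge it only while the directory server is reachable. Afterwards, repeat the `ssh <machine> sudo ls /` check from the thread to confirm the current rule is the one being enforced.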
