[sudo-workers] Match_group_by_gid issue
Todd C. Miller
Todd.Miller at courtesan.com
Mon Apr 3 09:10:09 MDT 2017
I don't think this is solvable on the sudo end. The only thing
sudo could do would be to iterate over all groups using getgrent()
to try and handle the duplicate group names. That would be rather
slow.
If the user wants the sssd groups to take precedence over local
ones, they should set it to be first in nsswitch.conf. E.g.
group: sss compat
Alternately, something like the following might work:
group: compat [SUCCESS=continue] sss
- todd
More information about the sudo-workers
mailing list