[Bug 2003337] [NEW] update removes sss entry from nsswitch.conf

Launchpad Bug Tracker 2003337 at bugs.launchpad.net
Thu Apr 13 14:40:00 UTC 2023


You have been subscribed to a public bug:

Description:	Ubuntu 20.04.5 LTS
Release:	20.04

apt-cache policy sudo-ldap
sudo-ldap:
  Installed: 1.8.31-1ubuntu1.4
  Candidate: 1.8.31-1ubuntu1.4
  Version table:
 *** 1.8.31-1ubuntu1.4 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.8.31-1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages


When sudo is managed via the sssd service, an update of the sudo-ldap package removes the sss entry from nsswitch.conf, which causes sudo to stop working against sssd (LDAP/AD).

The /etc/nsswitch.conf needs to be adapted (via root) in some scenarios;
when sudo does not work anymore, this can become a chicken-and-egg problem.

The postinst routine should respect sssd or any other previously
configured entries, and pushing static hardcoded conf options without
further checking should be prevented.



before update:
/etc/nsswitch.conf

...
sudoers:	files sss
...


after update:
/etc/nsswitch.conf

...
sudoers:	files ldap
...


The change is pushed via post install routine:

cat /var/lib/dpkg/info/sudo-ldap.postinst
...
 
# modify nsswitch.conf if needed
if [ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ]
then
        echo "sudoers:  files ldap" >> /etc/nsswitch.conf
fi
...

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: nsswitch sssd sudo-ldap
-- 
update removes sss entry from nsswitch.conf 
https://bugs.launchpad.net/bugs/2003337
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to sudo in Ubuntu.
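
Added example, not part of the bug report or of the sudo-ldap package: a POSIX shell guard that records the `sudoers:` line of nsswitch.conf before an upgrade and puts it back afterwards if it was changed, matching the before/after shown in the report. The function names and the state-file argument are assumptions made for this example.

```shell
#!/bin/sh
# Guard the "sudoers:" line of an nsswitch.conf-style file across an upgrade.
# Function names and the state file are assumptions, not part of sudo-ldap.
# Intended use, as root, in the same session as the upgrade:
#   snapshot_sudoers /etc/nsswitch.conf /root/sudoers.nss   (before)
#   restore_sudoers  /etc/nsswitch.conf /root/sudoers.nss   (after)

# Print the normalized source list of the first "sudoers:" line (empty if none).
sudoers_sources() {
    sed -n 's/^sudoers:[[:space:]]*//p' "$1" | head -n 1 |
        tr -s '[:space:]' ' ' | sed 's/ $//'
}

# Before the upgrade: record the current source list in a state file.
snapshot_sudoers() {
    sudoers_sources "$1" > "$2"
}

# After the upgrade: restore the recorded source list if it was changed.
# Returns 0 if nothing had to be done, 1 if the line was restored.
restore_sudoers() {
    conf=$1
    before=$(cat "$2")
    after=$(sudoers_sources "$conf")
    [ -z "$before" ] && return 0          # nothing was recorded: leave the file alone
    [ "$before" = "$after" ] && return 0  # entry survived the upgrade
    tmp=$(mktemp) || return 2
    if grep -q '^sudoers:' "$conf"; then
        # Rewrite only the first sudoers line; every other line is copied as-is.
        awk -v src="$before" '/^sudoers:/ && !done { print "sudoers:\t" src; done = 1; next }
                              { print }' "$conf" > "$tmp"
    else
        # The line was removed entirely: append the recorded one.
        { cat "$conf"; printf 'sudoers:\t%s\n' "$before"; } > "$tmp"
    fi
    cat "$tmp" > "$conf"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
    echo "sudoers sources restored from '$after' to '$before'" >&2
    return 1
}
```

Because `restore_sudoers` returns 1 when it had to repair the file, the exit status can be used to alert on hosts where the upgrade altered the entry.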