[Bug 2130433] Re: sudo-rs breaks SSSD centralized sudo rules
Launchpad Bug Tracker
2130433 at bugs.launchpad.net
Mon Nov 3 12:58:27 UTC 2025
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: rust-sudo-rs (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2130433
Title:
sudo-rs breaks SSSD centralized sudo rules
Status in rust-sudo-rs package in Ubuntu:
Confirmed
Bug description:
I have a home-lab setup with a FreeIPA server providing user info,
login, and sudoers rules. This worked well under legacy sudo (now
sudo.ws). On the client side (Ubuntu), it uses SSSD to make requests
to the FreeIPA server. PAM, NSS, and autofs still works.
However, this does not work with sudo-rs. It loads user info, but not
sudoers rules, from SSS. Looking at the source, it seems that sudo-rs
*only* looks at the sudoers files. Previously, I believe sudo had a
pluggable architecture that loaded libsss-sudo.
I know this is not in-keeping with sudo-rs's philosophy, but it seems
like this would be a dealbreaker for most enterprise users with
centralized sudo management.
It seems to me that either:
* sudo-rs should be able to get info from other sources, e.g., sssd, *or*
* sssd should write sudoers info to the file system for sudo-rs to read
Possibly sudo-rs should be listed as Breaks: libsss-sudo package
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2130433/+subscriptions
More information about the foundations-bugs
mailing list