Bug 1198339
Summary: | ipa-client-install adds extra sss to sudoers in nsswitch.conf | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Scott Poore <spoore> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 6.6 | CC: | mkosek, pvoborni, rcritten, xdong |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.0.0-43.el6 | Doc Type: | Bug Fix |
Doc Text: |
Running ipa-client-install added the "sss" entry to the sudoers line in nsswitch.conf even if "sss" was already configured and the entry was present in the file. Duplicate "sss" then caused sudo to become unresponsive. With this update, ipa-client-install no longer adds "sss" if it is already present in nsswitch.conf and does not cause sudo to hang in this situation.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-22 07:39:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Scott Poore
2015-03-03 20:18:26 UTC
Thanks for report. I see downstream patch missing this part in configure_nsswitch_database: # Make sure no service is added if already mentioned in the list added_services = [s for s in services if s not in configured_services] We should fix this one in next release, given it is causing problems. Verified on ipa-client-3.0.0-45.el6.x86_64: [root@idm-qe-03 yum.repos.d]# echo "sudoers: files sss" >> /etc/nsswitch.conf [root@idm-qe-03 yum.repos.d]# ipa-client-install Discovery was successful! Hostname: idm-qe-03.testrelm.test Realm: TESTRELM.TEST DNS Domain: testrelm.test IPA Server: idm-qe-01.testrelm.test BaseDN: dc=testrelm,dc=test . . . Client configuration complete. [root@idm-qe-03 yum.repos.d]# grep sudoer /etc/nsswitch.conf sudoers: files sss Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1462.html |