Bug 1502630

Summary: inclusion of system-auth for session hooks missing in sudo PAM snippets
Product: Red Hat Enterprise Linux 7 Reporter: Andrey Bondarenko <abondare>
Component: sudoAssignee: Radovan Sroka <rsroka>
Status: CLOSED ERRATA QA Contact: Patrik Kis <pkis>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: dapospis, dkopecek, extras-qa, jaster, kzak, lmiksik, lnie, lpoetter, pkis, rsroka
Target Milestone: rcKeywords: Patch, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sudo-1.8.23-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1034533 Environment:
Last Closed: 2018-10-30 11:09:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1034533    
Bug Blocks:    
Attachments:
Description Flags
proposed patch none

Description Andrey Bondarenko 2017-10-16 11:24:10 UTC 
+++ This bug was initially created as a clone of Bug #1034533 +++

Much like /etc/pam.d/su and /etc/pam.d/su-l the PAM files for sudo (/etc/pam.d/sudo and /etc/pam.d/sudo-i) should include system-auth for the session hooks. i.e. a line like

session		include		system-auth

is missing from /etc/pam.d/sudo, and a line like

session         include         su

is missing from /etc/pam.d/sudo-i.

$ rpm -qf /etc/pam.d/sudo
sudo-1.8.8-1.fc20.x86_64

--- Additional comment from Fedora Update System on 2014-09-30 11:21:00 EDT ---

sudo-1.8.11-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/sudo-1.8.11-1.fc20

--- Additional comment from Fedora Update System on 2014-10-01 00:22:28 EDT ---

Package sudo-1.8.11-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sudo-1.8.11-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-11928/sudo-1.8.11-1.fc20
then log in and leave karma (feedback).

--- Additional comment from Fedora Update System on 2014-11-03 09:27:21 EST ---

sudo-1.8.11p2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/sudo-1.8.11p2-1.fc20

--- Additional comment from lnie on 2014-11-04 03:03:02 EST ---

sudo-1.8.11p2-1.fc20 works

--- Additional comment from Fedora Update System on 2015-02-18 05:20:25 EST ---

sudo-1.8.12-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/sudo-1.8.12-1.fc20

--- Additional comment from Fedora Update System on 2015-02-23 18:24:53 EST ---

sudo-1.8.12-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 2 Radovan Sroka 2018-01-25 13:22:49 UTC 
Created attachment 1386072 [details]
proposed patch

needs review
Comment 8 errata-xmlrpc 2018-10-30 11:09:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:3199