Bug 769491

Summary: Unable to add certain sudo commands to groups
Product: Red Hat Enterprise Linux 6
Component: ipa
Version: 6.2
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Target Milestone: rc
Reporter: Erinn Looney-Triggs <erinn.looneytriggs>
Assignee: Rob Crittenden <rcritten>
QA Contact: IDM QE LIST <seceng-idm-qe-list>
CC: grajaiya, jgalipea, mkosek, skamble, yjog
Fixed In Version: ipa-2.2.0-5.el6
Doc Type: Bug Fix
Doc Text: No documentation needed.
Last Closed: 2012-06-20 13:28:32 UTC

Description Erinn Looney-Triggs 2011-12-21 01:49:46 UTC
Description of problem:
I am able to create the following sudo command via the web UI:
/bin/chown -R apache\:developers /var/www/*/shared/log

However, when attempting to add it to a command group it fails. My guess would be the colon is the cause (no dirty jokes intended :). This is a legal sudo command; the colon just has to be escaped when specifying the command to the sudoers file.

Web UI error:

Some operations failed.
Hide details

    /bin/chown -R apache:developers /var/www/*/shared/log: no such entry

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Create a command with a colon
Attempt to add it to a group

Comment 2 Dmitri Pal 2012-01-05 21:01:15 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2227

Comment 3 Rob Crittenden 2012-03-21 17:17:01 UTC
Fixed upstream.

master: dddebe23507749486fb09d219f0da4f483ba4e79

ipa-2-2: 3738a611a678e6c23be38dacbad8955299cbe5bb

To test:

$ ipa sudocmd-add '/bin/chown -R apache\:developers /var/www/*/shared/log'
$ ipa sudocmdgroup-add test --desc=test
$ ipa sudocmdgroup-add-member --sudocmds='/bin/chown -R apache\:developers /var/www/*/shared/log' test

The command should be added to the group and the escape character should remain unchanged.

Comment 7 Martin Kosek 2012-04-19 19:35:39 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
No documentation needed.

Comment 8 Jenny Severance 2012-05-07 18:32:25 UTC
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bug769491: Unable to add certain sudo commands to groups.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: https://bugzilla.redhat.com/show_bug.cgi?id=769491
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Kinit as admin user
:: [   PASS   ] :: Running 'ipa sudocmd-add "/bin/chown -R apache:developers /var/www/*/shared/log" > /tmp/tmp.81fRG7P9bN/bug769491.txt 2>&1'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should contain 'Added Sudo Command'
:: [   PASS   ] :: Running 'cat /tmp/tmp.81fRG7P9bN/bug769491.txt'
:: [   PASS   ] :: Running 'ipa sudocmdgroup-add sudogrp1 --desc=sudogrp1'
:: [   PASS   ] :: Running 'ipa sudocmdgroup-add-member sudogrp1 --sudocmds="/bin/chown -R apache:developers /var/www/*/shared/log" > /tmp/tmp.81fRG7P9bN/bug769491.txt 2>&1'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should contain 'Member Sudo commands: /bin/chown -r apache:developers /var/www/\*/shared/log'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should contain 'Number of members added 1'
:: [   PASS   ] :: Running 'cat /tmp/tmp.81fRG7P9bN/bug769491.txt'
:: [   PASS   ] :: Running 'ipa sudocmdgroup-show sudogrp1 > /tmp/tmp.81fRG7P9bN/bug769491.txt 2>&1'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should contain 'Sudo Command Group: sudogrp1'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should contain 'Member Sudo commands: /bin/chown -r apache:developers /var/www/\*/shared/log'
:: [   PASS   ] :: Running 'cat /tmp/tmp.81fRG7P9bN/bug769491.txt'
:: [   PASS   ] :: Running 'ipa sudocmdgroup-remove-member sudogrp1 --sudocmds="/bin/chown -R apache:developers /var/www/*/shared/log" > /tmp/tmp.81fRG7P9bN/bug769491.txt 2>&1'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should contain 'Sudo Command Group: sudogrp1'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should not contain 'Member Sudo commands: /bin/chown -r apache:developers /var/www/\*/shared/log'
:: [   PASS   ] :: File '/tmp/tmp.81fRG7P9bN/bug769491.txt' should contain 'Number of members removed 1'
:: [   PASS   ] :: Running 'cat /tmp/tmp.81fRG7P9bN/bug769491.txt'
:: [   PASS   ] :: Running 'ipa sudocmd-del "/bin/chown -R apache:developers /var/www/*/shared/log"'
:: [   PASS   ] :: Running 'ipa sudocmdgroup-del sudogrp1'
:: [   LOG    ] :: Duration: 40s
:: [   LOG    ] :: Assertions: 20 good, 0 bad
:: [   PASS   ] :: RESULT: bug769491: Unable to add certain sudo commands to groups.


version ::
ipa-server.i686 0:2.2.0-12.el6

Comment 10 errata-xmlrpc 2012-06-20 13:28:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html