| Summary: | Setting HBAC/SUDO category to Anyone doesn't remove users/groups | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Dmitri Pal <dpal> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3 | CC: | edewata, grajaiya, jgalipea, mkosek |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Bug Fix |
| Doc Text: |
No documentation needed.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 13:30:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Dmitri Pal
2012-01-19 20:48:02 UTC
appears to be duplicate bugzilla of ... https://bugzilla.redhat.com/show_bug.cgi?id=741277 The upstream patch fixes it in sudo: master: 2c1f21a14bf9d47ab484d13f5947a059ccc1d041 ipa-2-2: 4c4888190b78b0a4e58471235550d1709ef7e329 It appears that the commits related to ticket 1873 (for bug 741277) are unrelated, so perhaps that explains the duplication. HBAC tests: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa bug 783286 - Setting HBAC/SUDO category to Anyone doesn't remove users/groups :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'echo Secret123 | ipa user-add user1 --first=user1 --last=r --password' :: [ PASS ] :: Running 'ipa group-add group1 --desc=group1' :: [ PASS ] :: Running 'ipa hbacrule-add bug783286 --usercat=all > /tmp/tmp.KOndBQrJue/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.KOndBQrJue/bug783286.txt' should contain 'User category: all' :: [ PASS ] :: Running 'cat /tmp/tmp.KOndBQrJue/bug783286.txt' :: [ PASS ] :: Running 'ipa hbacrule-add-host bug783286 --hosts=primenova.lab.eng.pnq.redhat.com' :: [ PASS ] :: Running 'ipa hbacrule-add-user bug783286 --users=user1 > /tmp/tmp.KOndBQrJue/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.KOndBQrJue/bug783286.txt' should contain 'ipa: ERROR: users cannot be added when user category='all'' :: [ PASS ] :: Running 'cat /tmp/tmp.KOndBQrJue/bug783286.txt' :: [ PASS ] :: Running 'ipa hbacrule-add-user bug783286 --groups=group1 > /tmp/tmp.KOndBQrJue/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.KOndBQrJue/bug783286.txt' should contain 'ipa: ERROR: users cannot be added when user category='all'' :: [ PASS ] :: Running 'cat /tmp/tmp.KOndBQrJue/bug783286.txt' :: [ PASS ] :: Running 'ipa hbacrule-del bug783286' :: [ PASS ] :: Running 'ipa hbacrule-add bug783286' :: [ PASS ] :: Running 'ipa hbacrule-add-user bug783286 --users=user1' :: [ PASS ] :: Running 'ipa hbacrule-mod bug783286 --usercat=all > /tmp/tmp.KOndBQrJue/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.KOndBQrJue/bug783286.txt' should contain 'ipa: ERROR: user category cannot be set to 'all' while there are allowed users' :: [ PASS ] :: Running 'cat /tmp/tmp.KOndBQrJue/bug783286.txt' :: [ PASS ] :: Running 'ipa hbacrule-del bug783286' :: [ PASS ] :: Running 'ipa hbacrule-add bug783286' :: [ PASS ] :: Running 'ipa hbacrule-add-user bug783286 --groups=group1' :: [ PASS ] :: Running 'ipa hbacrule-mod bug783286 --usercat=all > /tmp/tmp.KOndBQrJue/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.KOndBQrJue/bug783286.txt' should contain 'ipa: ERROR: user category cannot be set to 'all' while there are allowed users' :: [ PASS ] :: Running 'cat /tmp/tmp.KOndBQrJue/bug783286.txt' :: [ PASS ] :: Running 'ipa group-del group1' :: [ PASS ] :: Running 'ipa hbacrule-del bug783286' :: [ PASS ] :: Running 'ipa user-del user1' :: [ LOG ] :: Duration: 1m 24s :: [ LOG ] :: Assertions: 27 good, 0 bad :: [ PASS ] :: RESULT: ipa bug 783286 - Setting HBAC/SUDO category to Anyone doesn't remove users/groups report saved as: /tmp/rhts.report.17417.txt ================ final pass/fail report ================= Sudo tests: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa bug 783286 - Setting HBAC/SUDO category to Anyone doesn't remove users/groups :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: verifies https://bugzilla.redhat.com/show_bug.cgi?id=783286 :: [ PASS ] :: Running 'echo Secret123 | ipa user-add shanks --first=shanks --last=r --password' :: [ PASS ] :: Running 'ipa group-add group1 --desc=group1' :: [ PASS ] :: Running 'ipa sudocmd-add /bin/ls' :: [ PASS ] :: Running 'ipa sudorule-add bug783286 --usercat=all > /tmp/tmp.ZUxTcGGJ0m/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.ZUxTcGGJ0m/bug783286.txt' should contain 'User category: all' :: [ PASS ] :: Running 'cat /tmp/tmp.ZUxTcGGJ0m/bug783286.txt' :: [ PASS ] :: Running 'ipa sudorule-add-host bug783286 --hosts=primenova.lab.eng.pnq.redhat.com' :: [ PASS ] :: Running 'ipa sudorule-add-user bug783286 --users=shanks > /tmp/tmp.ZUxTcGGJ0m/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.ZUxTcGGJ0m/bug783286.txt' should contain 'ipa: ERROR: users cannot be added when user category='all'' :: [ PASS ] :: Running 'cat /tmp/tmp.ZUxTcGGJ0m/bug783286.txt' :: [ PASS ] :: Running 'ipa sudorule-add-user bug783286 --groups=group1 > /tmp/tmp.ZUxTcGGJ0m/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.ZUxTcGGJ0m/bug783286.txt' should contain 'ipa: ERROR: users cannot be added when user category='all'' :: [ PASS ] :: Running 'cat /tmp/tmp.ZUxTcGGJ0m/bug783286.txt' :: [ PASS ] :: Running 'ipa sudorule-del bug783286' :: [ PASS ] :: Running 'ipa sudorule-add bug783286' :: [ PASS ] :: Running 'ipa sudorule-add-user bug783286 --users=shanks' :: [ PASS ] :: Running 'ipa sudorule-mod bug783286 --usercat=all > /tmp/tmp.ZUxTcGGJ0m/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.ZUxTcGGJ0m/bug783286.txt' should contain 'ipa: ERROR: user category cannot be set to 'all' while there are users' :: [ PASS ] :: Running 'ipa sudorule-del bug783286' :: [ PASS ] :: Running 'ipa sudorule-add bug783286' :: [ PASS ] :: Running 'ipa sudorule-add-user bug783286 --groups=group1' :: [ PASS ] :: Running 'ipa sudorule-mod bug783286 --usercat=all > /tmp/tmp.ZUxTcGGJ0m/bug783286.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.ZUxTcGGJ0m/bug783286.txt' should contain 'ipa: ERROR: user category cannot be set to 'all' while there are users' :: [ PASS ] :: Running 'ipa group-del group1' :: [ PASS ] :: Running 'ipa user-del shanks' :: [ PASS ] :: Running 'ipa sudocmd-del /bin/ls' :: [ PASS ] :: Running 'ipa sudorule-del bug783286' :: [ LOG ] :: Duration: 1m 43s :: [ LOG ] :: Assertions: 27 good, 0 bad :: [ PASS ] :: RESULT: ipa bug 783286 - Setting HBAC/SUDO category to Anyone doesn't remove users/groups report saved as: /tmp/rhts.report.3804.txt ================ final pass/fail report ================= Verified: ipa-server-2.2.0-8.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |