Bug 846947

Summary: update to sudo-1.7.2p1-14.el5_8.2 changes permissions on nsswitch.conf
Product: Red Hat Enterprise Linux 5 Reporter: Dalibor Pospíšil <dapospis>
Component: sudoAssignee: Daniel Kopeček <dkopecek>
Status: CLOSED DUPLICATE QA Contact: Dalibor Pospíšil <dapospis>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.8CC: dkopecek, erinn.looneytriggs
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-09 09:03:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dalibor Pospíšil 2012-08-09 08:28:24 UTC 
Description of problem:
Update to sudo-1.7.2p1-14.el5_8.2 changes permissions on nsswitch.conf from 644 to 600.

Version-Release number of selected component (if applicable):
sudo-1.7.2p1-14.el5_8.2

How reproducible:
always

Steps to Reproduce:
1. remove sudo
2. remove sudo stanza from nsswitch.conf
3. install sudo-1.7.2p1-13
4. update to sudo-1.7.2p1-14.el5_8.2
  
Actual results:
# ls -Zl /etc/nsswitch.conf
-rw------- 1 system_u:object_r:etc_t          root root 1717 Apr  9 07:58 /etc/nsswitch.conf

Expected results:
ls -Zl /etc/nsswitch.conf
-rw-r--r-- 1 system_u:object_r:etc_t          root root 1716 Apr  9 07:51 /etc/nsswitch.conf

Additional info:
Using sed -i -e '/^sudoers:/d' ./nsswitch.conf in postin and postun scripts should be a safe way even without restorecon I think.
Comment 1 RHEL Program Management 2012-08-09 08:37:48 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 2 Erinn Looney-Triggs 2012-08-09 08:55:30 UTC 
Yeah this wreaks havoc with IPA as users can no longer look up names, this needs to be fixed and quickly.

Support case 00690572 opened.

-Erinn
Comment 3 Daniel Kopeček 2012-08-09 09:03:22 UTC 

*** This bug has been marked as a duplicate of bug 846631 ***