Bug 879633

Summary: sudo + sssd + local user sends e-mail to administrator
Product: Red Hat Enterprise Linux 6 Reporter: Pavel Březina <pbrezina>
Component: sudoAssignee: Daniel Kopeček <dkopecek>
Status: CLOSED ERRATA QA Contact: Aleš Mareček <amarecek>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: amarecek, pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sudo-1.8.6p3-6.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1305106 (view as bug list) Environment:
Last Closed: 2013-02-21 09:45:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 881827, 1305106    
Attachments:
Description Flags
proposed patch none

Description Pavel Březina 2012-11-23 14:14:24 UTC
Created attachment 650460 [details]
proposed patch

Description of problem:
When sudo is used with sssd and a local user runs sudo, an e-mail is sent to administrator, because sssd does not support sudo rules for local users. It is not an error, only noise.

Version-Release number of selected component (if applicable):
sudo-1.8.6p3-1

Steps to Reproduce:
1. configure sudo to use sssd as data source ('sudoers: files sss' in /etc/nsswitch.conf
2. run sssd
3. log in as local user
4. run 'sudo -l' as local user
  
Actual results:
E-mail is sent to administrator:
"problem with defaults entries ; TTY=pts/2 ; PWD=/home/fuero"

Expected results:
No e-mail is sent.

Additional info:
From sudo logs:
Nov 23 15:06:27 sudo[18514] -> sudo_sss_setdefs @ ./sssd.c:331
Nov 23 15:06:27 sudo[18514] Looking for cn=defaults
Nov 23 15:06:27 sudo[18514] The user was not found in SSSD.
Nov 23 15:06:27 sudo[18514] <- sudo_sss_setdefs @ ./sssd.c:348 := -1
Nov 23 15:06:27 sudo[18514] -> log_error @ ./logging.c:473
Nov 23 15:06:27 sudo[18514] -> vlog_error @ ./logging.c:421
Nov 23 15:06:27 sudo[18514] -> set_perms @ ./set_perms.c:116
Nov 23 15:06:27 sudo[18514] set_perms: PERM_ROOT: uid: [0, 0, 0] -> [0, 0, 0]
Nov 23 15:06:27 sudo[18514] -> sudo_grlist_addref @ ./pwutil.c:770
Nov 23 15:06:27 sudo[18514] <- sudo_grlist_addref @ ./pwutil.c:772
Nov 23 15:06:27 sudo[18514] <- set_perms @ ./set_perms.c:350 := true
Nov 23 15:06:27 sudo[18514] -> new_logline @ ./logging.c:746
Nov 23 15:06:27 sudo[18514] <- new_logline @ ./logging.c:867 := problem with defaults entries ; TTY=pts/3 ; PWD=/home/pbrezina ;
Nov 23 15:06:27 sudo[18514] -> send_mail @ ./logging.c:524
Nov 23 15:06:27 sudo[18514] -> do_syslog @ ./logging.c:138

Comment 6 errata-xmlrpc 2013-02-21 09:45:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0363.html