RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1256788 - Sudo option '!authenticate' not working as expected
Summary: Sudo option '!authenticate' not working as expected
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: Pavel Březina
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-25 12:45 UTC by Abhijeet Kasurde
Modified: 2015-09-28 11:27 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-16 08:12:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Sudo_rule_log (1.89 KB, text/plain)
2015-08-25 12:45 UTC, Abhijeet Kasurde 		no flags Details
sssd_sudo_log (29.75 KB, text/plain)
2015-09-07 07:09 UTC, Abhijeet Kasurde 		no flags Details
View All

Description Abhijeet Kasurde 2015-08-25 12:45:21 UTC 
Created attachment 1066838 [details]
Sudo_rule_log

Description of problem:
Sudo option !authenticate does not work as per expected. This option allows user to run any sudoer command without providing password.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. kinit admin 
2. ipa sudorule-add files-commands
3. ipa sudorule-add-host --hosts dhcp201-131.testrelm.test files-commands
4. ipa sudorule-add-user --user testuser1  files-commands
5. ipa sudorule-add-allow-command --sudocmds "/usr/bin/less" files-commands 
6. ipa sudorule-add-option files-commands --sudooption '!authenticate'
7. su -c 'sudo -l' testuser1 


Actual results:
testuser1 should use 'sudo' asks for password

Expected results:
testuser1 should use 'sudo' without asking for password

Additional info:
Comment 2 Petr Vobornik 2015-08-25 16:21:43 UTC 
Sudo options are enforced by SSSD, changing component.
Comment 3 Pavel Březina 2015-09-01 08:27:14 UTC 
Hi, option trouble was always a misconfiguration/misuse so far. I will need sudo logs.
Comment 4 Jakub Hrozek 2015-09-05 15:43:12 UTC 
Ping Abhijeet? 

I'm afraid we'd have to close the bug if we can't get the required data..
Comment 5 Abhijeet Kasurde 2015-09-07 07:09:01 UTC 
Created attachment 1070843 [details]
sssd_sudo_log
Comment 6 Pavel Březina 2015-09-08 10:52:02 UTC 
Hi,
I meant sudo logs, not sssd_sudo.log (sssd sudo responder).
Comment 7 Jakub Hrozek 2015-09-16 08:12:13 UTC 
No reply from reporter, closing.
Comment 8 Abhijeet Kasurde 2015-09-28 11:27:06 UTC 
Unable to reproduce bug.
Note You need to log in before you can comment on or make changes to this bug.