Hide Forgot
Description of problem: While executing sss_cache command to invalidate multiple sudo rule with '-r' option it does not print any error about multiple sudo rules mentioned. Command executes with invalidating first rule mentioned and exit status '0' . Environment : Configure sssd as ldap-client against LDAP-server such as OpenLDAP or IPA or 389-DS. Store sudo rules on LDAP-server. And configure sssd-client system to fetch sudo rules from LDAP server. Version-Release number of selected component (if applicable): sssd-1.14.0-27.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. # sss_cache -r sudo_rule_1 sudo_rule_2 Actual results: Command exits with exit_status '0' Expected results: Command should print warning or error message about incorrect syntax. It could also direct toward Usage option. Something like: # sss_cache -r sudo_rule_1 sudo_rule_2 Please use only one object to invalidate. Additional info:
the same applies to other related option e.g. sss_cache -u user1 user2 user3
(In reply to Lukas Slebodnik from comment #2) > the same applies to other related option > e.g. > sss_cache -u user1 user2 user3 Yes And it also run without any error or warning when the switches/option in Capital letters are used. Such as -U to invalidate all users, -G for all group , -R for all sudo rules. # sss_cache -R rule1 rule2 rule3 # sss_cache -U user1 user2 user3 # sss_cache -G group1 group2 # sss_cache -N netgroup netgroup2 netgrou3
Upstream ticket: https://fedorahosted.org/sssd/ticket/3180
master: 1330390c698ca0802200725df43356557aa633a2
verified with sssd-1.15.2-33.el7.x86_64 [root@shr-r7-permanent ~]# sss_cache -r sudo_rule_1 sudo_rule_2 Usage: sss_cache [-?EUGNSAHR] [-?|--help] [--usage] [-E|--everything] [-u|--user STRING] [-U|--users] [-g|--group STRING] [-G|--groups] [-n|--netgroup STRING] [-N|--netgroups] [-s|--service STRING] [-S|--services] [-a|--autofs-map STRING] [-A|--autofs-maps] [-h|--ssh-host STRING] [-H|--ssh-hosts] [-r|--sudo-rule STRING] [-R|--sudo-rules] [-d|--domain STRING] Unexpected argument(s) provided, options that invalidate a single object only accept a single provided argument. [root@shr-r7-permanent ~]# echo $? 1 :: [ BEGIN ] :: sss_cache -r returned warning :: actually running 'strict eval 'sss_cache -r test test2'' Usage: sss_cache [-?EUGNSAHR] [-?|--help] [--usage] [-E|--everything] [-u|--user STRING] [-U|--users] [-g|--group STRING] [-G|--groups] [-n|--netgroup STRING] [-N|--netgroups] [-s|--service STRING] [-S|--services] [-a|--autofs-map STRING] [-A|--autofs-maps] [-h|--ssh-host STRING] [-H|--ssh-hosts] [-r|--sudo-rule STRING] [-R|--sudo-rules] [-d|--domain STRING] Unexpected argument(s) provided, options that invalidate a single object only accept a single provided argument. :: [ PASS ] :: sss_cache -r returned warning (Expected 1, got 1)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294