Red Hat Bugzilla – Bug 710245
Removed option from Sudo rule message is displayed even when the given option doesn't exist.
Last modified: 2015-01-04 18:49:01 EST
Description of problem: Version-Release number of selected component (if applicable): ipa-server-2.0.0-23.el6.x86_64 How reproducible: Always Steps to Reproduce: 1. # ipa sudorule-find sudorule1 --all dn: ipauniqueid=78c97b54-8d01-11e0-b6e8-525400deab7b,cn=sudorules,cn=sudo,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com Rule name: sudorule1 Enabled: TRUE Sudo Deny Commands: /bin/ls Run As Group: group2 RunAs External User: test ipasudoopt: env_keep = LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE, !authenticate ipasudorunas_group: group1 ipauniqueid: 78c97b54-8d01-11e0-b6e8-525400deab7b objectclass: ipaassociation, ipasudorule ---------------------------- Number of entries returned 1 ---------------------------- 2. # ipa sudorule-remove-option sudorule1 --sudooption=invalid ----------------------- sudorule-remove-option: ----------------------- ---------------------------------------------------- Removed option "invalid" from Sudo rule "sudorule1" ---------------------------------------------------- Actual results: 1. displays: Removed option "invalid" from Sudo rule "sudorule1" Expected results: 1. Appropriate message should be displayed stating that the specified sudooption does not exist in this sudorule. Additional info:
https://fedorahosted.org/freeipa/ticket/1276
master: 44cdf8ef54ff761a5e38919b8cdce5128928985a
verified : :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Bug 710245: Removed option from Sudo rule message is displayed even when the given option doesn't exist. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'ipa sudorule-add rule1' :: [ PASS ] :: Running 'ipa sudorule-remove-option rule1 --sudooption=invalid > /tmp/tmp.2wPVb2wcQB/bug710245.txt 2>&1' :: [ PASS ] :: File '/tmp/tmp.2wPVb2wcQB/bug710245.txt' should not contain 'Removed option "invalid" from Sudo rule "rule1"' :: [ PASS ] :: Running 'cat /tmp/tmp.2wPVb2wcQB/bug710245.txt' :: [ PASS ] :: Running 'ipa sudorule-del rule1' :: [ LOG ] :: Duration: 7s :: [ LOG ] :: Assertions: 5 good, 0 bad :: [ PASS ] :: RESULT: Bug 710245: Removed option from Sudo rule message is displayed even when the given option doesn't exist. version : ipa-server-2.1.1-4.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: A removed sudorule option appears in the output when removing that option. Consequence: It is confusing that the option being removed is still in the output. The option is properly removed, only the output is in error. Fix: Refresh the option values before returning. Result: The output from the delete command is consistent with the data.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html