Bug 800537 - Sudo commands with special characters cannot be removed from command groups
Sudo commands with special characters cannot be removed from command groups
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-06 11:52 EST by Dmitri Pal
Modified: 2013-12-16 11:52 EST (History)
4 users (show)

See Also:
Fixed In Version: ipa-2.2.0-4.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 09:20:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test output (4.95 KB, text/plain)
2012-05-11 08:55 EDT, Namita Soman
no flags Details

  None (edit)
Description Dmitri Pal 2012-03-06 11:52:39 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2483

Sudo commands with characters that need to be escaped in a DN (backslash, plus, comma, less-than...) cannot be removed from command groups.

These can appear in valid sudo commands (such as `/bin/ls /lost+found`).

{{{
$ ./ipa sudocmd-add +
----------------------
Added Sudo Command "+"
----------------------
  Sudo Command: +

$ ./ipa sudocmdgroup-add a-group --desc=g1
----------------------------------
Added Sudo Command Group "a-group"
----------------------------------
  Sudo Command Group: a-group
  Description: g1

$ ./ipa sudocmdgroup-add-member a-group --sudocmds=+
  Sudo Command Group: a-group
  Description: g1
  Member Sudo commands: +
-------------------------
Number of members added 1
-------------------------

$ ./ipa sudocmdgroup-remove-member a-group --sudocmds=+
  Sudo Command Group: a-group
  Description: g1
  Member Sudo commands: +
  Failed members: 
    member sudo command: +: This entry is not a member
---------------------------
Number of members removed 0
---------------------------
}}}
Comment 4 Martin Kosek 2012-04-24 09:36:14 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 5 Namita Soman 2012-05-11 08:55:02 EDT
Created attachment 583836 [details]
test output

verified using ipa-server.x86_64 0:2.2.0-13.el6
Attaching test output from beaker run
Comment 7 errata-xmlrpc 2012-06-20 09:20:30 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.