Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/2483 Sudo commands with characters that need to be escaped in a DN (backslash, plus, comma, less-than...) cannot be removed from command groups. These can appear in valid sudo commands (such as `/bin/ls /lost+found`). {{{ $ ./ipa sudocmd-add + ---------------------- Added Sudo Command "+" ---------------------- Sudo Command: + $ ./ipa sudocmdgroup-add a-group --desc=g1 ---------------------------------- Added Sudo Command Group "a-group" ---------------------------------- Sudo Command Group: a-group Description: g1 $ ./ipa sudocmdgroup-add-member a-group --sudocmds=+ Sudo Command Group: a-group Description: g1 Member Sudo commands: + ------------------------- Number of members added 1 ------------------------- $ ./ipa sudocmdgroup-remove-member a-group --sudocmds=+ Sudo Command Group: a-group Description: g1 Member Sudo commands: + Failed members: member sudo command: +: This entry is not a member --------------------------- Number of members removed 0 --------------------------- }}}
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/1dc11a01d7e2a8e561b3a79aa97bf0939cd3fd25 ipa-2-2: https://fedorahosted.org/freeipa/changeset/f43aae3a51894d06ba26c53e04965c587bd081a2
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Created attachment 583836 [details] test output verified using ipa-server.x86_64 0:2.2.0-13.el6 Attaching test output from beaker run
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html