Bug 848821 - nsswitch.conf update can get lost when glibc updates are installed at the same on a multiarch system
nsswitch.conf update can get lost when glibc updates are installed at the sam...
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo (Show other bugs)
5.8
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Daniel Kopeček
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-16 09:49 EDT by Tom G. Christensen
Modified: 2013-03-13 09:12 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-13 08:54:35 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tom G. Christensen 2012-08-16 09:49:21 EDT
Description of problem:
The current sudo package attempts to add a line to nsswitch.conf if it is missing but it fails it can fail if the update transaction also includes glibc on a multiarch system.
What happens is that due to the multiarch nature two glibc packages will be installed and in some circumstances yum orders the updates in a way that first glibc is updated, then sudo (at which point the added line exists in /etc/nsswitch.conf) and then the other glibc arch is updated which overwrites /etc/nsswitch.conf with the copy included in glibc.

Version-Release number of selected component (if applicable):
sudo-1.7.2p1-14.el5_8.3.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install a fresh rhel 5.8/x86_64 with sudo and openssl and no updates
2. remove the 'sudoers:' line from /etc/nsswitch.conf
3. yum update sudo openssl glibc

....  
Running Transaction
  Updating       : glibc-common       1/14 
  Updating       : glibc              2/14 
  Updating       : openssl            3/14 
  Updating       : sudo               4/14 
  Updating       : nscd               5/14 
  Updating       : glibc              6/14 
  Updating       : openssl            7/14                
....

Actual results:
# grep sudoers /etc/nsswitch.conf
#

Expected results:
# grep sudoers /etc/nsswitch.conf
sudoers:  files ldap
#


Additional info:
The example with 'sudo openssl glibc' is just one easy way to provoke this issue. Any combination of updates that can trigger sudo being updated in the middle of a glibc multiarch sandwich could cause this problem.
Comment 1 Dalibor Pospíšil 2012-08-16 10:16:57 EDT
I think that this is correct behavior because if you manually remove the line from nsswitch.conf it should not be automatically recreated.
Comment 2 Tom G. Christensen 2012-08-16 12:43:49 EDT
Lets see what happens if I revert my test VM and only update sudo:
# rpm -q sudo
sudo-1.7.2p1-13.el5.x86_64
# grep sudoers nsswitch.conf
#
# yum install sudo
....
Running Transaction
  Updating       : sudo                         1/2
...
# rpm -q sudo
sudo-1.7.2p1-14.el5_8.3.x86_64
# grep sudoers nsswitch.conf 
sudoers:  files ldap
#

That does not match the behaviour you describe.

Note You need to log in before you can comment on or make changes to this bug.