Bug 879633 - sudo + sssd + local user sends e-mail to administrator
Summary: sudo + sssd + local user sends e-mail to administrator
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sudo
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Daniel Kopeček
QA Contact: Aleš Mareček
URL:
Whiteboard:
Depends On:
Blocks: 881827 1305106
TreeView+ depends on / blocked
 
Reported: 2012-11-23 14:14 UTC by Pavel Březina
Modified: 2018-12-04 14:52 UTC (History)
2 users (show)

Fixed In Version: sudo-1.8.6p3-6.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1305106 (view as bug list)
Environment:
Last Closed: 2013-02-21 09:45:04 UTC


Attachments (Terms of Use)
proposed patch (928 bytes, patch)
2012-11-23 14:14 UTC, Pavel Březina
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0363 normal SHIPPED_LIVE sudo bug fix and enhancement update 2013-02-20 20:52:59 UTC

Description Pavel Březina 2012-11-23 14:14:24 UTC
Created attachment 650460 [details]
proposed patch

Description of problem:
When sudo is used with sssd and a local user runs sudo, an e-mail is sent to administrator, because sssd does not support sudo rules for local users. It is not an error, only noise.

Version-Release number of selected component (if applicable):
sudo-1.8.6p3-1

Steps to Reproduce:
1. configure sudo to use sssd as data source ('sudoers: files sss' in /etc/nsswitch.conf
2. run sssd
3. log in as local user
4. run 'sudo -l' as local user
  
Actual results:
E-mail is sent to administrator:
"problem with defaults entries ; TTY=pts/2 ; PWD=/home/fuero"

Expected results:
No e-mail is sent.

Additional info:
From sudo logs:
Nov 23 15:06:27 sudo[18514] -> sudo_sss_setdefs @ ./sssd.c:331
Nov 23 15:06:27 sudo[18514] Looking for cn=defaults
Nov 23 15:06:27 sudo[18514] The user was not found in SSSD.
Nov 23 15:06:27 sudo[18514] <- sudo_sss_setdefs @ ./sssd.c:348 := -1
Nov 23 15:06:27 sudo[18514] -> log_error @ ./logging.c:473
Nov 23 15:06:27 sudo[18514] -> vlog_error @ ./logging.c:421
Nov 23 15:06:27 sudo[18514] -> set_perms @ ./set_perms.c:116
Nov 23 15:06:27 sudo[18514] set_perms: PERM_ROOT: uid: [0, 0, 0] -> [0, 0, 0]
Nov 23 15:06:27 sudo[18514] -> sudo_grlist_addref @ ./pwutil.c:770
Nov 23 15:06:27 sudo[18514] <- sudo_grlist_addref @ ./pwutil.c:772
Nov 23 15:06:27 sudo[18514] <- set_perms @ ./set_perms.c:350 := true
Nov 23 15:06:27 sudo[18514] -> new_logline @ ./logging.c:746
Nov 23 15:06:27 sudo[18514] <- new_logline @ ./logging.c:867 := problem with defaults entries ; TTY=pts/3 ; PWD=/home/pbrezina ;
Nov 23 15:06:27 sudo[18514] -> send_mail @ ./logging.c:524
Nov 23 15:06:27 sudo[18514] -> do_syslog @ ./logging.c:138

Comment 6 errata-xmlrpc 2013-02-21 09:45:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0363.html


Note You need to log in before you can comment on or make changes to this bug.