Red Hat Bugzilla – Bug 924395
[RFE] ipa-client-install should configure sudo automatically
Last modified: 2015-03-05 05:09:11 EST
Description of problem: It is enhancment bug. I think, since from EL .4 it is possible to configure sssd_sudo intergation, that libsss_sudo should be added as a dependency to ipa-client package. Otherwise it is possible to autoremove it with yum "clean_requirements_on_remove" option active. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
sorry! I mean el6.4 (In reply to comment #0) > Description of problem: > > It is enhancment bug. I think, since from EL .4 it is possible to configure > sssd_sudo intergation, that libsss_sudo should be added as a dependency to > ipa-client package. > Otherwise it is possible to autoremove it with yum > "clean_requirements_on_remove" option active. > > Version-Release number of selected component (if applicable): > > > How reproducible: > > > Steps to Reproduce: > 1. > 2. > 3. > > Actual results: > > > Expected results: > > > Additional info:
When ipa-client-install configures sudo using SSSD the dependency will be added. See upstream ticket https://fedorahosted.org/freeipa/ticket/3358
Ticket #3358 is fixed upstream, sudo is now configured automatically by ipa-client-install. libsss_sudo is now part of sssd-common package and thus always installed.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4508
Additional fix pushed upstream master: https://fedorahosted.org/freeipa/changeset/fd26560a164e757970584009d54f81c678a7056c ipa-4-1: https://fedorahosted.org/freeipa/changeset/5aead1ff6fd6709a267fc91cb2e437d504ad2bac ipa-4-0: https://fedorahosted.org/freeipa/changeset/6bb6671cb5ea4c71581675330b398ab64c9dffd3
Verified: sudo was configured during ipa-client-install automatically. [root@71client ipa-sudo]# grep "services" /etc/sssd/sssd.conf services = nss, sudo, pam, ssh [root@71client ipa-sudo]# grep "sudoers" /etc/nsswitch.conf sudoers: files sss +-----------------------------[RPMs & OS: [ - x86_64]-----------------------------+ | ipa-admintools-4.1.0-0.1.alpha1.el7.x86_64 | ipa-client-4.1.0-0.1.alpha1.el7.x86_64 | sssd-ipa-1.12.1-3.el7.x86_64 ------------------------------------------------------------------------------------------ +-----------------------------------------------------------------------------------------+ Test:[/ipa-server/rhel70/ipa-sudo/root]: [ Pass(15/15): 100% ] +-----------------------------------------------------------------------------------------+ :: [ PASS ] ipa-sudo-cli-sanity-tests-setup :: [ PASS ] ipa-sudo-wrapper: phase covering all tests :: [ PASS ] just wait for master test to be finished first :: [ PASS ] Setup for sudo functional tests :: [ PASS ] sudorule-offline-caching-allow-command :: [ PASS ] sudorule-offline-caching-deny-command :: [ PASS ] sudorule-offline-caching-runasuser-command :: [ PASS ] sudorule-offline-caching-runasgroup-command :: [ PASS ] sudorule-offline-caching-hostgroup-command :: [ PASS ] sudorule-offline-caching-group :: [ PASS ] sudorule-offline-caching-option :: [ PASS ] disable-sudorule-offline-caching :: [ PASS ] sudo func cleanup :: [ PASS ] Clean up for sudo functional tests :: [ PASS ] /ipa-server/rhel70/ipa-sudo/root +----------------------------------------------------------------------+ Fail / unfinished / ABORT [ Fail(0/15): 0% ] +----------------------------------------------------------------------+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html