Comment 0 for bug 423252

Matt Kassawara (ionosphere80) wrote : NSS using LDAP on Karmic (alpha 4) breaks 'su' and 'sudo'

On Karmic (alpha 4 plus updates), changing the nsswitch.conf 'passwd' field to anything with 'ldap' as the first item breaks the ability to become root using 'su' and 'sudo' as anyone but root.

Default nsswitch.conf:

passwd: compat
group: compat
shadow: compat

matt@box:~$ sudo uname -a
[sudo] password for matt:
Linux box 2.6.31-9-server #29-Ubuntu SMP Sun Aug 30 18:37:42 UTC 2009 x86_64 GNU/Linux

matt@box:~$ su -
Password:
root@box:~#

Modified nsswitch.conf with 'ldap' before 'compat':

passwd: ldap compat
group: ldap compat
shadow: ldap compat

matt@box:~$ sudo uname -a
sudo: setreuid(ROOT_UID, user_uid): Operation not permitted

matt@box:~$ su -
Password:
setgid: Operation not permitted

Modified nsswitch.conf with 'ldap' after 'compat':

passwd: compat ldap
group: compat ldap
shadow: compat ldap

matt@box:~$ sudo uname -a
[sudo] password for matt:
Linux box 2.6.31-9-server #29-Ubuntu SMP Sun Aug 30 18:37:42 UTC 2009 x86_64 GNU/Linux

matt@box:~$ su -
Password:
root@box:~#

The same arrangements in nsswitch.conf work as expected in Jaunty and earlier releases.
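
A check for the ordering described in the report, added here as an example and not part of the original bug comment: it reads nsswitch.conf-style text and lists which of the passwd, group and shadow databases have 'ldap' as their first source. The function name `ldap_first_dbs` is hypothetical, and the three sample configurations are the ones quoted in the report.

```bash
# Added example (not from the bug report): list which of passwd/group/shadow
# have 'ldap' as their FIRST source in nsswitch.conf-style input on stdin.
ldap_first_dbs() {
    awk '
    {
        sub(/#.*/, "")                 # drop comments
        gsub(/\[[^]]*\]/, " ")         # drop [STATUS=action] items
        i = index($0, ":")
        if (i == 0) next               # not a database line
        db = substr($0, 1, i - 1)
        gsub(/[ \t]/, "", db)
        n = split(substr($0, i + 1), svc, " ")
        if (n > 0 && svc[1] == "ldap" && db ~ /^(passwd|group|shadow)$/)
            out = out (out == "" ? "" : " ") db
    }
    END { print out }'
}

# The three arrangements quoted in the report.
DEFAULT='passwd: compat
group: compat
shadow: compat'

LDAP_FIRST='passwd: ldap compat
group: ldap compat
shadow: ldap compat'

LDAP_LAST='passwd: compat ldap
group: compat ldap
shadow: compat ldap'

for name in DEFAULT LDAP_FIRST LDAP_LAST; do
    eval "conf=\$$name"
    hits=$(printf '%s\n' "$conf" | ldap_first_dbs)
    printf '%-10s ldap-first databases: %s\n' "$name" "${hits:-none}"
done

# On a live host (standard glibc location):
#   ldap_first_dbs < /etc/nsswitch.conf
```

Only the LDAP_FIRST arrangement, the one that fails in the report, is flagged.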