2018-07-16 17:05:01 |
Robie Basak |
bug |
|
|
added bug |
2018-07-16 17:06:11 |
Robie Basak |
sssd (Ubuntu): status |
New |
Triaged |
|
2018-07-16 17:06:12 |
Robie Basak |
sssd (Ubuntu): importance |
Undecided |
High |
|
2018-07-16 17:06:27 |
Robie Basak |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903917 |
|
2018-07-16 17:06:33 |
Robie Basak |
bug task added |
|
sssd (Debian) |
|
2018-07-16 23:26:43 |
Bug Watch Updater |
sssd (Debian): status |
Unknown |
New |
|
2018-07-17 07:37:56 |
Tilman Schmidt |
bug |
|
|
added subscriber Tilman Schmidt |
2018-07-21 10:15:05 |
Christian Loos |
bug |
|
|
added subscriber Christian Loos |
2018-08-22 21:20:17 |
Andreas Hasenack |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/sssd/+git/sssd/+merge/353601 |
|
2018-08-22 21:20:28 |
Andreas Hasenack |
sssd (Ubuntu): assignee |
|
Andreas Hasenack (ahasenack) |
|
2018-08-22 21:20:31 |
Andreas Hasenack |
sssd (Ubuntu): status |
Triaged |
In Progress |
|
2018-08-23 12:28:06 |
Andreas Hasenack |
sssd (Ubuntu): status |
In Progress |
Fix Committed |
|
2018-08-27 11:01:56 |
Andreas Hasenack |
sssd (Ubuntu): status |
Fix Committed |
Fix Released |
|
2018-08-28 01:30:56 |
Bug Watch Updater |
sssd (Debian): status |
New |
Fix Released |
|
2018-11-28 14:25:46 |
Christian Loos |
removed subscriber Christian Loos |
|
|
|
2018-11-28 14:26:00 |
Christian Loos |
bug |
|
|
added subscriber Christian Loos |
2018-11-28 15:03:33 |
Robie Basak |
tags |
|
bitesize |
|
2018-11-28 15:03:49 |
Robie Basak |
nominated for series |
|
Ubuntu Bionic |
|
2018-11-28 15:03:49 |
Robie Basak |
bug task added |
|
sssd (Ubuntu Bionic) |
|
2018-11-28 15:03:49 |
Robie Basak |
nominated for series |
|
Ubuntu Xenial |
|
2018-11-28 15:03:49 |
Robie Basak |
bug task added |
|
sssd (Ubuntu Xenial) |
|
2018-12-05 18:37:10 |
Christian Loos |
sssd (Ubuntu Xenial): status |
New |
Confirmed |
|
2018-12-05 18:37:19 |
Christian Loos |
sssd (Ubuntu Bionic): status |
New |
Confirmed |
|
2018-12-05 20:18:10 |
Robie Basak |
tags |
bitesize |
bitesize server-next |
|
2019-05-28 13:25:41 |
Andreas Hasenack |
sssd (Ubuntu Xenial): assignee |
|
Andreas Hasenack (ahasenack) |
|
2019-05-28 13:25:43 |
Andreas Hasenack |
sssd (Ubuntu Bionic): assignee |
|
Andreas Hasenack (ahasenack) |
|
2019-05-28 13:25:45 |
Andreas Hasenack |
sssd (Ubuntu Xenial): status |
Confirmed |
In Progress |
|
2019-05-28 13:25:46 |
Andreas Hasenack |
sssd (Ubuntu Bionic): status |
Confirmed |
In Progress |
|
2019-05-28 14:19:35 |
Andreas Hasenack |
description |
I have reported this bug to Debian, but this applies equally to Ubuntu. Please see the Debian bug report for details. |
[Impact]
The libsss-sudo package insists on inserting a "sudoers: files sss" configuration line into /etc/nsswitch.conf at install time and every upgrade after that. If the line already exists and has no "sss" component, the postinst adds that.
This behavior ignores changes the user might have done. For example, some users remove "sss", like seen in bug #1249777. At the next upgrade, libsss-sudo will just add it back again.
The proposed fix here is already applied in debian and later ubuntu releases, and only triggers the nsswitch.conf check on first install.
[Test Case]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
[Regression Potential]
* discussion of how regressions are most likely to manifest as a result of this change.
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[Other Info]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance |
|
2019-05-28 14:33:06 |
Andreas Hasenack |
description |
[Impact]
The libsss-sudo package insists on inserting a "sudoers: files sss" configuration line into /etc/nsswitch.conf at install time and every upgrade after that. If the line already exists and has no "sss" component, the postinst adds that.
This behavior ignores changes the user might have done. For example, some users remove "sss", like seen in bug #1249777. At the next upgrade, libsss-sudo will just add it back again.
The proposed fix here is already applied in debian and later ubuntu releases, and only triggers the nsswitch.conf check on first install.
[Test Case]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
[Regression Potential]
* discussion of how regressions are most likely to manifest as a result of this change.
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[Other Info]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
* and address these questions in advance |
[Impact]
The libsss-sudo package insists on inserting a "sudoers: files sss" configuration line into /etc/nsswitch.conf at install time and every upgrade after that. If the line already exists and has no "sss" component, the postinst adds that.
This behavior ignores changes the user might have done. For example, some users remove "sss", like seen in bug #1249777. At the next upgrade, libsss-sudo will just add it back again.
The proposed fix here is already applied in debian and later ubuntu releases, and only triggers the nsswitch.conf check on first install.
[Test Case]
* Install libsss-sudo:
$ sudo apt install libsss-sudo
* Verify the sudoers line with sss was added to /etc/nsswitch.conf:
$ grep ^sudoers /etc/nsswitch.conf
sudoers: files sss
* Remove sss from that line, so it becomes:
$ grep ^sudoers /etc/nsswitch.conf
sudoers: files
* Reinstall the package (or upgrade to a package without the fix):
sudo apt install --reinstall libsss-sudo
* Without the fix, sss will be back:
$ grep ^sudoers /etc/nsswitch.conf
sudoers: files sss
* With the fixed package, the line will remain as you left it before, without sss:
$ grep ^sudoers /etc/nsswitch.conf
sudoers: files
[Regression Potential]
Someone could perhaps be surprised that reinstalling the package won't make it "work again", in the case they removed "sss" from the sudoers line in /etc/nsswitch.conf and expected a reinstallation to fix it.
[Other Info]
One could argue that if the user doesn't want to use sudo with sss, then why install libsss-sudo? |
|
2019-05-28 14:56:52 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/sssd/+git/sssd/+merge/367989 |
|
2019-05-28 14:57:51 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/sssd/+git/sssd/+merge/367990 |
|
2019-05-28 19:40:22 |
Jon Schewe |
bug |
|
|
added subscriber Jon Schewe |
2019-06-20 08:07:53 |
Timo Aaltonen |
sssd (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2019-06-20 08:07:55 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-06-20 08:07:57 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
2019-06-20 08:08:01 |
Timo Aaltonen |
tags |
bitesize server-next |
bitesize server-next verification-needed verification-needed-bionic |
|
2019-06-20 08:09:27 |
Timo Aaltonen |
sssd (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2019-06-20 08:09:33 |
Timo Aaltonen |
tags |
bitesize server-next verification-needed verification-needed-bionic |
bitesize server-next verification-needed verification-needed-bionic verification-needed-xenial |
|
2019-06-21 14:56:23 |
Andreas Hasenack |
tags |
bitesize server-next verification-needed verification-needed-bionic verification-needed-xenial |
bitesize server-next verification-done-bionic verification-needed verification-needed-xenial |
|
2019-06-21 17:24:02 |
Andreas Hasenack |
tags |
bitesize server-next verification-done-bionic verification-needed verification-needed-xenial |
bitesize server-next verification-done-bionic verification-done-xenial verification-needed |
|
2019-06-27 10:45:37 |
Launchpad Janitor |
sssd (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2019-06-27 10:45:50 |
Ćukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-06-27 16:12:20 |
Launchpad Janitor |
sssd (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|