update removes sss entry from nsswitch.conf
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Description: Ubuntu 20.04.5 LTS
Release: 20.04
apt-cache policy sudo-ldap
sudo-ldap:
Installed: 1.8.31-1ubuntu1.4
Candidate: 1.8.31-1ubuntu1.4
Version table:
*** 1.8.31-1ubuntu1.4 500
500 http://
500 http://
100 /var/lib/
1.
500 http://
In case sudo via sssd service is managed, an update of the sudo-ldap package is removing the sss entry from nsswitch.conf which causes sudo not to work anymore against sssd (ldap/AD).
The /etc/nsswitch.conf needs to be adopted (via root) in some scenarios when sudo does not work anymore, this can become a hen and egg problem.
The postinst routine should respect sssd or any other previous configured entry(ies) and pushing static hardcoded conf options without further checking should be prevented.
before update:
/etc/nsswitch.conf
...
sudoers: files sss
...
after update:
/etc/nsswitch.conf
...
sudoers: files ldap
...
The change is pushed via post install routine:
cat /var/lib/
...
# modify nsswitch.conf if needed
if [ -z "`grep \"^sudoers:\" /etc/nsswitch.
then
echo "sudoers: files ldap" >> /etc/nsswitch.conf
fi
...
hard-coded overwrite of "/etc/nsswitch. conf" from sudo-ldap package conflicts with sssd !