sudo fails for directory groups on 10.04
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| sudo (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: sudo
This pertains to a fresh install and an upgrade of Ubuntu 10.04 server addition.
When using a directory for authentication (we use eDir), directory groups that are allowed to sudo in /etc/sudoers will get the following error:
$ sudo whoami
sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
I've confirmed that /etc/sudoers is correct:
%<group name> ALL=(ALL) NOPASSWD: ALL
I am a member of said group.
WORKAROUND:
Install and start nscd.
# /etc/init.d/nscd start
* Starting Name Service Cache Daemon nscd
...done.
<other terminal>
$ sudo whoami
root
nscd must be installed and running in order for directory groups to be allowed sudo privileges.
Some system info:
$ lsb_release -rd
Description: Ubuntu 10.04 LTS
Release: 10.04
$ apt-cache policy sudo
sudo:
Installed: 1.7.2p1-1ubuntu5
Candidate: 1.7.2p1-1ubuntu5
Version table:
*** 1.7.2p1-1ubuntu5 0
500 http://
100 /var/lib/
# dpkg -l '*ldap*'|grep ^ii
ii ldap-auth-client 0.5.2 meta-package for LDAP authentication
ii ldap-auth-config 0.5.2 Config package for LDAP authentication
ii ldap-utils 2.4.21-0ubuntu5 OpenLDAP utilities
ii libldap-2.4-2 2.4.21-0ubuntu5 OpenLDAP libraries
ii libnss-ldap 264-2ubuntu2 NSS module for using LDAP as a naming servic
ii libpam-ldap 184-8.2ubuntu1 Pluggable Authentication Module for LDAP
Thanks!
HippiePete
| Nathan Stratton Treadway (nathanst) wrote | #1 |
Are you using ldaps:// to connect to your directory server? Assuming you are, this sounds like it would be a duplicate of LP: #423252.