[Pkg-sssd-devel] Bug#749722: Bug#749722: libsss-sudo: modified /etc/nsswitch.conf after purge
Timo Aaltonen
tjaalton at debian.org
Thu Nov 27 16:03:19 UTC 2014
On 08.11.2014 21:35, Andreas Beckmann wrote:
> BTW, isn't doing that in the postrm too late anyway? Shouldn't that be
> removed already by "prerm remove"? With the postrm approach there is a
> small timespan where sudo could fail: the libsss library is already
> removed, but still referenced in /etc/nsswitch.conf. (And in the worst
> case the machine crashes at that moment - rebooting with a broken
> sudoers configuration in /etc/nsswitch.conf)
It doesn't matter, sudo works just fine if there are leftovers on the
sudoers entry. It might complain though, but not break.
> You could append this to your postrm sed script to remove sudoer: files
> after disabling sss
>
> /^sudoers: files$/d
>
> Or is there any other source that could add a sudoers line to
> /etc/nsswitch.conf?
I've added a snippet to remove sudoers: if the line ends with 'files'.
> Also note that your postinst script has misleading comments talking
> about passwd, group, etc. lines being modified.
fixed
> Also the following sequence does not enable sss for sudoers:
>
> apt-get install libsss-sudo # sss gets enabled
> apt-get remove libsss-sudo # sss gets disabled, don't purge
> apt-get install libsss-sudo # goes the "upgrade, nothing to do" branch
fixed by running insert_nss_entry unconditionally, since it has sanity
checks in place anyway.
--
t
More information about the Pkg-sssd-devel
mailing list