[Pkg-sssd-devel] Bug#749722: Bug#749722: libsss-sudo: modified /etc/nsswitch.conf after purge

Timo Aaltonen tjaalton at debian.org
Thu Nov 27 16:03:19 UTC 2014


On 08.11.2014 21:35, Andreas Beckmann wrote:
> BTW, isn't doing that in the postrm too late anyway? Shouldn't that be
> removed already by "prerm remove"? With the postrm approach there is a
> small timespan where sudo could fail: the libsss library is already
> removed, but still referenced in /etc/nsswitch.conf. (And in the worst
> case the machine crashes at that moment - rebooting with a broken
> sudoers configuration in /etc/nsswitch.conf)

It doesn't matter, sudo works just fine if there are leftovers on the
sudoers entry. It might complain though, but not break.

> You could append this to your postrm sed script to remove sudoers: files
> after disabling sss
> 
>     /^sudoers:        files$/d
> 
> Or is there any other source that could add a sudoers line to
> /etc/nsswitch.conf?

I've added a snippet to remove sudoers: if the line ends with 'files'.

> Also note that your postinst script has misleading comments talking
> about passwd, group, etc. lines being modified.

fixed

> Also the following sequence does not enable sss for sudoers:
> 
> apt-get install libsss-sudo  # sss gets enabled
> apt-get remove libsss-sudo   # sss gets disabled, don't purge
> apt-get install libsss-sudo  # goes the "upgrade, nothing to do" branch

fixed by running insert_nss_entry unconditionally, since it has sanity
checks in place anyway.


-- 
t
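
The install, remove, reinstall sequence discussed in this message, as an added example that is not the libsss-sudo maintainer scripts: an enable step that is safe to run unconditionally and a disable step that drops the sudoers line only when nothing but 'files' is left. The function names and the file argument are hypothetical, and GNU sed is assumed.

```shell
#!/bin/sh
# Added illustration, NOT the package's postinst/postrm.
# enable_sss_sudoers / disable_sss_sudoers are hypothetical names;
# both take the path of an nsswitch.conf-style file.

# Idempotent: can run on every install or upgrade without duplicating 'sss'.
enable_sss_sudoers() {
    conf=$1
    # Sanity check: already listed as a whole word on the sudoers line?
    if grep -Eq '^sudoers:.*[[:space:]]sss([[:space:]]|$)' "$conf"; then
        return 0
    fi
    if grep -q '^sudoers:' "$conf"; then
        # A sudoers line exists without sss: append the source to it.
        sed -i -E '/^sudoers:/ s/[[:space:]]*$/ sss/' "$conf"
    else
        # No sudoers line at all: add one.
        printf 'sudoers:        files sss\n' >> "$conf"
    fi
}

# Remove 'sss' from the sudoers line only; other databases are untouched.
# If the line is then reduced to just 'files', delete it, so a purge
# leaves no trace. Lines with other sources (e.g. ldap) are kept.
disable_sss_sudoers() {
    conf=$1
    sed -i -E \
        -e '/^sudoers:/ s/[[:space:]]+sss([[:space:]]|$)/\1/g' \
        -e '/^sudoers:[[:space:]]+files[[:space:]]*$/d' \
        "$conf"
}
```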


