[Pkg-sssd-devel] Bug#783889: sudo-ldap, libsss-sudo: need to coordinate modifications to /etc/nsswitch.conf

Andreas Beckmann anbe at debian.org
Fri May 1 00:09:20 UTC 2015


Package: sudo-ldap,libsss-sudo
Severity: normal

Hi,

both sudo-ldap and libsss-sudo (and maybe some more packages?) modify
/etc/nsswitch.conf to (un-)register a sudoers: entry.

Right now that is happening in an uncoordinated way: sudo-ldap
adds 'sudoers: files ldap' if no ^sudoers: is found and deletes
^sudoers: completely on removal, not caring about any other package
using this. libsss-sudo seems to be a bit more careful ...

# apt-get install sudo-ldap
# grep ^sudoers: /etc/nsswitch.conf
sudoers:        files ldap
# apt-get install libsss-sudo
# grep ^sudoers: /etc/nsswitch.conf
sudoers:        files ldap sss
# apt-get remove sudo-ldap
# grep ^sudoers: /etc/nsswitch.conf
# #nothing, should this be a RC bug against sudo-ldap?

In #770825, the request to add a 'sudoers: files' default entry to
the nsswitch.conf shipped by base-files was rejected.

Maybe it is time to implement some "update-nsswitch" command to handle
such editing instead of hacking incomplete implementations into many
maintainer scripts. It should be generic enough to support the needs
of all packages managing the hosts: line as well.
That command would most probably not go into base-files but into a
non-essential package of its own (maybe nsswitch-helpers?).


Andreas
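
One shape the coordinated editing proposed above could take, as an added example that is not part of the original message and not code from sudo-ldap, libsss-sudo or any Debian package. The helper names nss_add and nss_remove are hypothetical. It assumes one line per database and no trailing comment on that line.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from sudo-ldap or libsss-sudo.
# Assumes one "db:" line per database and no trailing comment on that line.

# Run an awk program over FILE and write the result back in place, so the
# mode and owner of the file (world-readable for nsswitch.conf) are kept.
_nss_rewrite() {  # FILE AWK_PROGRAM DB SERVICE
    _tmp=$(mktemp) || return 1
    awk -v db="$3" -v svc="$4" "$2" "$1" > "$_tmp" && cat "$_tmp" > "$1"
    _rc=$?; rm -f "$_tmp"; return "$_rc"
}

# Register SERVICE on the DB line; create "DB: files SERVICE" if it is absent.
nss_add() {  # FILE DB SERVICE
    _nss_rewrite "$1" '
        $1 == db ":" {
            seen = 1; have = 0
            for (i = 2; i <= NF; i++) if ($i == svc) have = 1
            if (!have) $0 = $0 " " svc          # idempotent append
        }
        { print }
        END {
            if (!seen)
                printf "%s:        files%s\n", db, (svc == "files" ? "" : " " svc)
        }
    ' "$2" "$3"
}

# Unregister only SERVICE (and any [STATUS=action] bound to it); the line is
# deleted only when no other service is left on it.
nss_remove() {  # FILE DB SERVICE
    _nss_rewrite "$1" '
        $1 == db ":" {
            out = ""; n = 0; drop = 0; inact = 0
            for (i = 2; i <= NF; i++) {
                if (drop && ($i ~ /^\[/ || inact)) {
                    inact = ($i !~ /\]$/); continue
                }
                drop = 0
                if ($i == svc) { drop = 1; continue }
                out = out " " $i; n++
            }
            if (n) printf "%s:       %s\n", db, out
            next
        }
        { print }
    ' "$2" "$3"
}
```

Replaying the sequence from the report with these helpers (add ldap, add sss, remove ldap) leaves the sss entry on the sudoers: line instead of deleting the line.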


