[Pkg-sssd-devel] Bug#903917: libsss-sudo.postinst clobbers local change to /etc/nsswitch.conf
Robie Basak
robie.basak at ubuntu.com
Mon Jul 16 18:02:49 BST 2018
Package: libsss-sudo
Version: 1.16.2-1
Severity: serious
Justification: policy violation (section 10.7.3)
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu cosmic
Steps to reproduce:
1. apt install sssd
2. Edit /etc/nsswitch.conf and remove "sss" from the "sudoers" entry
3. apt install --reinstall libsss-sudo
Expected behaviour:
"sss" remains not present in /etc/nsswitch.conf (ie. the local change is
preserved).
Actual behaviour:
"sss" is re-added to nsswitch.conf.
I have verified this behaviour in a Debian sid container today.
Policy violation:
This breaks "local changes must be preserved during a package upgrade"
from policy section 10.7.3.
Suggested fix:
Make the change only on fresh install of the package, rather than on
upgrade.
Additional information:
You might be interested to know that the reason users are hitting this
is that they are trying to work around a different bug that is reported
downstream here:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1249777. But the
workaround gets removed on upgrade.
Thanks,
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20180716/c9f06682/attachment.sig>
More information about the Pkg-sssd-devel
mailing list