[Pkg-sssd-devel] Bug#749722: libsss-sudo: modified /etc/nsswitch.conf after purge

Andreas Beckmann andreas at abeckmann.de
Sat Nov 8 19:35:28 UTC 2014


> Strange, purge works for me..

This probably depends on how /etc/nsswitch.conf looked before the test,
i.e. whether it already contained a sudoers line.

> :: root@sid:/etc> md5sum nsswitch.conf
> d204d419661fba0df52f9be8e2a29fdd  nsswitch.conf

I couldn't reproduce your md5sums in a current sid chroot.

Your postinst script adds the
  "sudoers: files sss"
line to /etc/nsswitch.conf, but the postrm only removes the " sss" part
from that line, leaving the rest.

BTW, isn't doing that in the postrm too late anyway? Shouldn't that be
removed already by "prerm remove"? With the postrm approach there is a
small timespan where sudo could fail: the libsss library is already
removed, but still referenced in /etc/nsswitch.conf. (And in the worst
case the machine crashes at that moment - rebooting with a broken
sudoers configuration in /etc/nsswitch.conf)

You could append this to your postrm sed script to remove "sudoers: files"
after disabling sss:

    /^sudoers:        files$/d

Or is there any other source that could add a sudoers line to
/etc/nsswitch.conf?

Also note that your postinst script has misleading comments talking
about passwd, group, etc. lines being modified.


Also the following sequence does not enable sss for sudoers:

apt-get install libsss-sudo  # sss gets enabled
apt-get remove libsss-sudo   # sss gets disabled, don't purge
apt-get install libsss-sudo  # goes the "upgrade, nothing to do" branch


Andreas
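
The leftover-line problem and the delete expression discussed above, as an added example that is not part of the original mail and not the package's own maintainer scripts. The helper names, the sample file contents and the condition under which the line is added are assumptions; only the "sudoers: files sss" line and the `/^sudoers:        files$/d` expression come from the mail.

```shell
#!/bin/sh
# Constructed stand-ins for the steps described in the mail; not the real scripts.

# postinst step: add the line (assumed here: only when no sudoers line exists).
enable_sss() {
    grep -q '^sudoers:' "$1" || printf 'sudoers:        files sss\n' >> "$1"
}

# Apply sed expressions to a file in place without relying on sed -i.
edit() {
    f=$1; shift
    sed "$@" "$f" > "$f.tmp" && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
}

# Removal as described in the mail: only " sss" is stripped from the line.
disable_sss_current() {
    edit "$1" -e '/^sudoers:/s/ sss$//'
}

# Removal with the delete expression from the mail appended.
disable_sss_proposed() {
    edit "$1" -e '/^sudoers:/s/ sss$//' -e '/^sudoers:        files$/d'
}

# Install then remove against a scratch copy; report whether the file
# ends up byte-identical to its pre-install content.
roundtrip() {   # $1 = removal function, $2 = initial file content
    dir=$(mktemp -d) || return 2
    printf '%s\n' "$2" > "$dir/before"
    cp "$dir/before" "$dir/nsswitch.conf"
    enable_sss "$dir/nsswitch.conf"
    "$1" "$dir/nsswitch.conf"
    if cmp -s "$dir/before" "$dir/nsswitch.conf"; then r=restored; else r=modified; fi
    rm -rf "$dir"
    echo "$r"
}

# Constructed sample contents: one without and one with a pre-existing line.
BASE='passwd:         compat
group:          compat'
ADMIN="$BASE
sudoers:        files"

echo "strip only, no prior line:     $(roundtrip disable_sss_current "$BASE")"
echo "strip+delete, no prior line:   $(roundtrip disable_sss_proposed "$BASE")"
echo "strip+delete, prior line:      $(roundtrip disable_sss_proposed "$ADMIN")"
```

The third case shows why the origin of the line matters: a "sudoers: files" line that was present before installation is deleted as well, so the file is not restored.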


