[Freeipa-users] (no subject)

Karl Forner karl.forner at gmail.com
Fri Oct 9 11:40:36 UTC 2015


> Thanks. Please, keep in mind that we changed the default to the correct
> order in sssd 1.13.1. Therefore if you update sssd you will either have to
> invert the order again or set sudo_inverse_order = true in [sudo] in
> /etc/sssd/sssd.conf.

OK. I don't think there's an easy way to upgrade sssd right now with
Ubuntu 14.04.
Is it possible to set sudo_inverse_order = true with my current
version, i.e. even if it is not yet recognized?

>> On Thu, Oct 8, 2015 at 5:26 PM, Pavel Březina <pbrezina at redhat.com> wrote:
>>>
>>> On 10/08/2015 04:26 PM, Karl Forner wrote:
>>>>
>>>>
>>>> Hi,
>>>>
>>>>
>>>>> you are prompted for password because (ALL) ALL rule is applied because
>>>>> of last-match rule. See:
>>>>> http://www.sudo.ws/man/1.8.13/sudoers.ldap.man.html sudoOrder.
>>>>
>>>>
>>>>
>>>> Ok. I updated the rules to use a sudoorder attribute of 100 for the
>>>> /usr/bin/less sudo rule.
>>>> Now, if I type in a terminal:
>>>> %sudo -l
>>>> Matching Defaults entries for karl on midgard:
>>>>       env_reset, mail_badpass,
>>>>       secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
>>>>
>>>> User karl may run the following commands on xxxx:
>>>>       (ALL) ALL
>>>>       (root) NOPASSWD: /usr/bin/git status, /usr/local/bin/git status
>>>>       (ALL) ALL
>>>>       (ALL) NOPASSWD: /usr/bin/less
>>>>
>>>> so my less rule is the last one. So far so good.
>>>>
>>>> %sudo -l less
>>>> /usr/bin/less
>>>>
>>>> but if I type in a new terminal:
>>>> %sudo less .bashrc
>>>> [sudo] password for karl:
>>>>
>>>> I am prompted to type in a password.
>>>>
>>>> So there seems to be a problem, right?
>>>>
>>>> Regards,
>>>> Karl
>>>>
>>>
>>> Hi,
>>> we have a bug in sssd in versions prior to 1.13.1:
>>> https://fedorahosted.org/sssd/ticket/2682
>>>
>>> where the sudoOrder attribute is treated the other way around. Please, try
>>> inverting the order. What version of sssd do you use?
>>>
>
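
An added illustration, not written by the thread participants or the sssd project: a simplified Python model of the last-match selection discussed in this thread, where the highest sudoOrder wins and sssd versions before 1.13.1 compare it the other way around. The rule names, the `inverted` flag and tie-breaking by listing order are assumptions of the model; real matching also considers host, run-as user and command arguments.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str            # constructed label, not an LDAP attribute
    commands: tuple      # "ALL" or absolute command paths
    nopasswd: bool
    sudo_order: int = 0  # sudoers.ldap: a missing sudoOrder counts as 0


# Constructed rules mirroring the `sudo -l` listing quoted in the thread.
RULES = [
    Rule("all_1", ("ALL",), False),
    Rule("git_status", ("/usr/bin/git status", "/usr/local/bin/git status"), True),
    Rule("all_2", ("ALL",), False),
    Rule("less", ("/usr/bin/less",), True, sudo_order=100),
]


def matches(rule, command):
    return "ALL" in rule.commands or command in rule.commands


def winning_rule(rules, command, inverted=False):
    """Return the rule that decides `command`, or None if nothing matches.

    inverted=False: the highest sudoOrder wins (documented last-match behaviour).
    inverted=True:  models the reversed comparison described in the thread.
    """
    candidates = [r for r in rules if matches(r, command)]
    if not candidates:
        return None
    # sorted() is stable, so equal sudoOrder values keep listing order
    # (an assumption of this model); the last entry is the one applied.
    ordered = sorted(candidates, key=lambda r: r.sudo_order, reverse=inverted)
    return ordered[-1]


def needs_password(rules, command, inverted=False):
    rule = winning_rule(rules, command, inverted)
    if rule is None:
        raise LookupError(f"no rule allows {command}")
    return not rule.nopasswd


if __name__ == "__main__":
    for inv in (False, True):
        prompt = needs_password(RULES, "/usr/bin/less", inverted=inv)
        print(f"inverted={inv}: password prompt for less -> {prompt}")
```

The same model shows why a rule set whose sudoOrder values were swapped to work around the reversed comparison prompts for a password again once the comparison is corrected.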