sudo -ll does not list the rule names when sssd is used.

Solution In Progress - Updated -

Issue

  • When SSSD is configured to get the sudo entries, the sudo long listing option does not list the rule names.
  • If there are 100s of rules present, it is difficult to identify the name of the rule that allowed or denied a sudo command.

For Example:

# sudo -ll -U luser1
User luser1 may run the following commands on this host:

**LDAP Role: storage**
    RunAsUsers: ALL
    Commands:
    /bin/fdisk

**LDAP Role: passwd**
    RunAsUsers: ALL
    Commands:
    /usr/bin/passwd
[root@dhcp210-115 sssd]#

sudo_SSS

[root@dhcp210-115 sssd]# !vi
vi /etc/sudo-ldap.conf
[root@dhcp210-115 sssd]# vi /etc/nsswitch.conf
[root@dhcp210-115 sssd]# sudo -ll -U luser1
User luser1 may run the following commands on this host:
    RunAsUsers: ALL
    Commands:
    /bin/fdisk
    RunAsUsers: root
    Commands:
    /usr/bin/passwd
    RunAsUsers: ALL
    Commands:
    /bin/be_admkn

  • With ldap, sudo lists the rule name; with sssd, the rule name is missing.
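
The following Python parser is an added example, not code from this article or from sudo or SSSD. It splits `sudo -ll` output into entries and records the rule name only when an `LDAP Role:` header precedes the entry, so entries listed without a name (the SSSD case above) can be flagged during an audit. The sample listings are constructed from the output shown above, and `parse_sudo_ll` is a hypothetical helper name.

```python
import re
# Constructed input, modelled on the two `sudo -ll -U luser1` listings above.
LDAP_LISTING = """\
User luser1 may run the following commands on this host:

LDAP Role: storage
    RunAsUsers: ALL
    Commands:
    /bin/fdisk

LDAP Role: passwd
    RunAsUsers: ALL
    Commands:
    /usr/bin/passwd
"""
SSSD_LISTING = """\
User luser1 may run the following commands on this host:
    RunAsUsers: ALL
    Commands:
    /bin/fdisk
    RunAsUsers: root
    Commands:
    /usr/bin/passwd
"""
FIELD = re.compile(r"^(LDAP Role|RunAsUsers|RunAsGroups|Options|Commands):\s*(.*)$")

def parse_sudo_ll(text):
    """Return one dict per entry; 'rule' stays None when no role header was printed."""
    entries, cur, in_cmds = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("User "):
            continue
        m = FIELD.match(line)
        if m is None:  # not a field line: a command path if a command list is open
            if in_cmds:
                cur["commands"].append(line)
            continue
        key, value = m.groups()
        # A role header, or any field seen after a command list, starts a new entry.
        if key == "LDAP Role" or cur is None or in_cmds:
            cur, in_cmds = {"rule": None, "runas": None, "commands": []}, False
            entries.append(cur)
        if key == "LDAP Role":
            cur["rule"] = value
        elif key == "RunAsUsers":
            cur["runas"] = value
        elif key == "Commands":
            in_cmds = True
    return entries
```

Feed the function only sudo's own output; a trailing shell prompt captured along with it would be read as a command line.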

Environment

  • sudo-1.8.6p3-7.el6
  • Red Hat Enterprise Linux
