SSSD / sssd

Clone
Source Code
GIT
Documentation
GIT

Learn more about these different git repos.

#2834 sss_override does not errorout on setting uid=0 but dels prev. override
Opened 3 years ago by preichl. Modified a year ago

Open
Close issue as:
Fixed Invalid wontfix duplicate worksforme

sss_override does not allow user's uid to be set to 0 which is a good think. But it should warn about this and do not remove prev. overrides or at least man page should spell this out explicitly.

clean cash && sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 10000
SSSD needs to be restarted for the changes to take effect.
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:10000:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 0
 $ echo $?
0
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash

Fields changed

cc: => pbrezina@redhat.com

Sounds like trivial fix we might be able to do in 1.13 (should we create 1.13.4?)

Not really important to fix, deferring.

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

rhbz: => todo

Metadata Update from @preichl:
- Issue set to the milestone: SSSD Patches welcome
2 years ago

1st part Fix: Outputting Error on setting uid, gid =0

vim src/tools/sss_override.c

static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr, ("Setting gid=0 is not allowed\n"));
goto done;
}
}

2nd Part Fix: Not reverting uid, gid values to retrieved values. Keeping it to last changed values.
Working on this.
Edited 2 years ago by amitkumar25nov

Resolved Issue-2 also, This is code that addresses both:
static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
ret = !EOK;
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr, ("Setting gid=0 is not allowed\n"));
ret = !EOK;
goto done;
}

Thank you for testing, I will close the ticket, then.

Metadata Update from @jhrozek:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None
a year ago

Sorry, I misunderstood, this is code that Amith will send

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)
a year ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue status updated to: Open (was: Closed)
a year ago

Pull Request submitted. Pending review..

Login to comment on this ticket.

Metadata
None
None
None
None
minor
defect
SSSD
1.13.1
false
None
false
todo
false
false
None
None
None
false
None
None
false
pbrezina@redhat.com
None
None
Powered by Pagure 5.1.3
DocumentationFile an IssueSSH Hostkey/Fingerprint
© 2014-2018 Red Hat, Inc. and others.