#2834 sss_override does not errorout on setting uid=0 but dels prev. override

Created 2 years ago by preichl

Modified a year ago

sss_override does not allow user's uid to be set to 0 which is a good think. But it should warn about this and do not remove prev. overrides or at least man page should spell this out explicitly.

clean cash && sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 10000
SSSD needs to be restarted for the changes to take effect.
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:10000:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 0
 $ echo $?
0
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash

preichl 2 years ago

Fields changed

cc: => pbrezina@redhat.com

jhrozek 2 years ago

Sounds like trivial fix we might be able to do in 1.13 (should we create 1.13.4?)

jhrozek 2 years ago

Not really important to fix, deferring.

milestone: NEEDS_TRIAGE => SSSD Deferred

jhrozek 2 years ago

Fields changed

rhbz: => todo

a year ago

Metadata Update from @preichl:
- Issue set to the milestone: SSSD Patches welcome

amitkumar25nov a year ago

1st part Fix: Outputting Error on setting uid, gid =0

vim src/tools/sss_override.c

static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr, ("Setting gid=0 is not allowed\n"));
goto done;
}
}

2nd Part Fix: Not reverting uid, gid values to retrieved values. Keeping it to last changed values.
Working on this.

Edited a year ago by amitkumar25nov

amitkumar25nov a year ago

Resolved Issue-2 also, This is code that addresses both:
static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
ret = !EOK;
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr, ("Setting gid=0 is not allowed\n"));
ret = !EOK;
goto done;
}

jhrozek a year ago

Thank you for testing, I will close the ticket, then.

a year ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None

jhrozek a year ago

Sorry, I misunderstood, this is code that Amith will send

a year ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)

a year ago

amitkumar25nov a year ago

Pull Request submitted. Pending review..

Status

Open

Tags

Assignee

unassigned

Blocking

Depending on

Priority

minor

Milestone

SSSD Patches welcome

Cancel

type

defect

component

SSSD

version

1.13.1

testsupdated

false

selected

patch

false

rhbz

todo

design_review

false

review

false

changelog

keywords

coverity

mark

false

blocking

design

sensitive

false

pbrezina@redhat.com

blockedby

feature_milestone

cancel