#2834 sss_override does not errorout on setting uid=0 but dels prev. override
Closed: wontfix a year ago by pbrezina. Opened 5 years ago by preichl.

sss_override does not allow user's uid to be set to 0 which is a good think. But it should warn about this and do not remove prev. overrides or at least man page should spell this out explicitly.

clean cash && sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 10000
SSSD needs to be restarted for the changes to take effect.
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:10000:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 0
 $ echo $?
0
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash

Fields changed

cc: => pbrezina@redhat.com

Sounds like trivial fix we might be able to do in 1.13 (should we create 1.13.4?)

Not really important to fix, deferring.

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

rhbz: => todo

Metadata Update from @preichl:
- Issue set to the milestone: SSSD Patches welcome

4 years ago

1st part Fix: Outputting Error on setting uid, gid =0

vim src/tools/sss_override.c

static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr,
("Setting gid=0 is not allowed\n"));
goto done;
}
}

2nd Part Fix: Not reverting uid, gid values to retrieved values. Keeping it to last changed values.
Working on this.

Resolved Issue-2 also, This is code that addresses both:
static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
ret = !EOK;
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr, ("Setting gid=0 is not allowed\n"));
ret = !EOK;
goto done;
}

Thank you for testing, I will close the ticket, then.

Metadata Update from @jhrozek:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None

4 years ago

Sorry, I misunderstood, this is code that Amith will send

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue status updated to: Open (was: Closed)

4 years ago

Pull Request submitted. Pending review..

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

a year ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3875

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata