#2834 sss_override does not errorout on setting uid=0 but dels prev. override

Created 2 years ago by preichl
Modified a year ago

sss_override does not allow user's uid to be set to 0 which is a good think. But it should warn about this and do not remove prev. overrides or at least man page should spell this out explicitly.

clean cash && sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 10000
SSSD needs to be restarted for the changes to take effect.
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:10000:10000:John Doe:/home/john:/bin/bash
 $ sudo sss_override user-add john -u 0
 $ echo $?
0
 $ sudo systemctl restart sssd
 $ getent passwd john
john:*:1234:10000:John Doe:/home/john:/bin/bash

Fields changed

cc: => pbrezina@redhat.com

Sounds like trivial fix we might be able to do in 1.13 (should we create 1.13.4?)

Not really important to fix, deferring.

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

rhbz: => todo

a year ago

Metadata Update from @preichl:
- Issue set to the milestone: SSSD Patches welcome

1st part Fix: Outputting Error on setting uid, gid =0

vim src/tools/sss_override.c

static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr,
("Setting gid=0 is not allowed\n"));
goto done;
}
}

2nd Part Fix: Not reverting uid, gid values to retrieved values. Keeping it to last changed values.
Working on this.

Edited a year ago by amitkumar25nov

Resolved Issue-2 also, This is code that addresses both:
static struct sysdb_attrs *build_attrs(.......){
if (uid != 0) {
...........
}else{
fprintf(stderr, ("Setting uid=0 is not allowed\n"));
ret = !EOK;
goto done;
}
if (gid != 0) {
...........
}else{
fprintf(stderr, ("Setting gid=0 is not allowed\n"));
ret = !EOK;
goto done;
}

Thank you for testing, I will close the ticket, then.

a year ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from 0)
- Custom field mark reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field sensitive reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None

Sorry, I misunderstood, this is code that Amith will send

a year ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue close_status updated to: worksforme
- Issue status updated to: Closed (was: Open)

a year ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue status updated to: Open (was: Closed)

Pull Request submitted. Pending review..

Login to comment on this ticket.

defect

SSSD

1.13.1

false

false

todo

false

false

false

false

pbrezina@redhat.com

cancel