Sudorule RunAsUser does not work with external group:
# ipa sudorule-add-runasuser test --groups barbar Rule name: test Enabled: TRUE Failed RunAs: member user: member group: barbar: no such entry ------------------------- Number of members added 0 -------------------------
There is existing unit test failing:
====================================================================== ERROR: ipatests.test_integration.test_sudo.TestSudo.test_sudo_rule_restricted_to_run_as_users_from_local_group_setup ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/usr/lib/python2.7/site-packages/ipatests/test_integration/test_sudo.py", line 459, in test_sudo_rule_restricted_to_run_as_users_from_local_group_setup '--groups', 'localgroup']) File "/usr/lib/python2.7/site-packages/ipatests/test_integration/host.py", line 275, in run_command command.wait(raiseonerr=raiseonerr) File "/usr/lib/python2.7/site-packages/ipatests/test_integration/transport.py", line 154, in wait raise subprocess.CalledProcessError(self.returncode, self.argv) CalledProcessError: Command '['ipa', 'sudorule-add-runasuser', 'testrule', '--groups', 'localgroup']' returned non-zero exit status 1
This is an obvious typo.
Patch ''freeipa-mkosek-483-sudorule-runasuser-should-work-with-external-groups.patch'' sent for review freeipa-mkosek-483-sudorule-runasuser-should-work-with-external-groups.patch
This is a regression in #4263 caused by af4518b. Moving to 4.0.4.
master:
ipa-4-1:
ipa-4-0:
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 4.0.4
Login to comment on this ticket.