Re: [Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'

Matt Kassawara Sun, 17 Jan 2010 16:55:44 -0800

I was not using a self-signed certificate at the time I reported this  
bug.


On Jan 17, 2010, at 5:14 PM, David Tomaschik wrote:

> Is anyone experiencing this bug running an LDAPS server that does NOT
> have a self-signed certificate?  I'm wondering if the issue might be
> certificate-related, since using plaintext ldap works.
>
> -- 
> NSS using LDAP on Karmic breaks 'su' and 'sudo'
> https://bugs.launchpad.net/bugs/423252
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “glibc” package in Ubuntu: Confirmed
> Status in “sudo” package in Debian: Confirmed
> Status in “sudo” package in Kairos Linux: New
>
> Bug description:
> On Karmic (alpha 4 plus updates), changing the nsswitch.conf  
> 'passwd' field to anything with 'ldap' as the first item breaks the  
> ability to become root using 'su' and 'sudo' as anyone but root.
>
> Default nsswitch.conf:
>
> passwd:         compat
> group:          compat
> shadow:         compat
>
> m...@box:~$ sudo uname -a
> [sudo] password for matt:
> Linux box 2.6.31-9-server #29-Ubuntu SMP Sun Aug 30 18:37:42 UTC  
> 2009 x86_64 GNU/Linux
>
> m...@box:~$ su -
> Password:
> r...@box:~#
>
> Modified nsswitch.conf with 'ldap' before 'compat':
>
> passwd:         ldap compat
> group:          ldap compat
> shadow:         ldap compat
>
> m...@box:~$ sudo uname -a
> sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
>
> m...@box:~$ su -
> Password:
> setgid: Operation not permitted
>
> Modified nsswitch.conf with 'ldap' after 'compat':
>
> passwd:         compat ldap
> group:          compat ldap
> shadow:         compat ldap
>
> m...@box:~$ sudo uname -a
> [sudo] password for matt:
> Linux box 2.6.31-9-server #29-Ubuntu SMP Sun Aug 30 18:37:42 UTC  
> 2009 x86_64 GNU/Linux
>
> m...@box:~$ su -
> Password:
> r...@box:~#
>
> The same arrangements in nsswitch.conf work as expected in Jaunty  
> and earlier releases.
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/423252/+subscribe

-- 
NSS using LDAP on Karmic breaks 'su' and 'sudo'
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 423252] Re: NSS using LDAP on Karmic breaks 'su' and 'sudo'

Reply via email to