URL: https://github.com/freeipa/freeipa/pull/6047 Author: rcritten Title: #6047: On redhat-based platforms rely on authselect to enable sudo Action: opened
PR body: """ The default platform task enable_sssd_sudo() writes directly to nsswitch.conf to enable sudo. This isn't necessary to do on systems with authselect where we already pass in with-sudo as a profile option. Override the default function with does a direct write with a no-op. https://pagure.io/freeipa/issue/8755 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> I think the existing tests will exercise whether the client is configured properly and sudo works. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/6047/head:pr6047 git checkout pr6047
From e2c971fd848808053ba4f3908f4221262776612e Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Wed, 13 Oct 2021 17:54:12 -0400 Subject: [PATCH] On redhat-based platforms rely on authselect to enable sudo The default platform task enable_sssd_sudo() writes directly to nsswitch.conf to enable sudo. This isn't necessary to do on systems with authselect where we already pass in with-sudo as a profile option. Override the default function with does a direct write with a no-op. https://pagure.io/freeipa/issue/8755 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaplatform/redhat/tasks.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 4b0209f5d8b..06cbe6c63b1 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -756,6 +756,10 @@ def get_pkcs11_modules(self): "{}.module".format(name)) for name, _module, _disabled in PKCS11_MODULES) + def enable_sssd_sudo(self, _fstore): + """sudo enablement is handled by authselect""" + pass + def enable_ldap_automount(self, statestore): """ Point automount to ldap in nsswitch.conf.
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
