[Freeipa-devel] [freeipa PR#6062][opened] [Backport][ipa-4-9] On redhat-based platforms rely on authselect to enable sudo

rcritten via FreeIPA-devel Thu, 28 Oct 2021 13:25:34 -0700

   URL: https://github.com/freeipa/freeipa/pull/6062
Author: rcritten
 Title: #6062: [Backport][ipa-4-9] On redhat-based platforms rely on authselect 
to enable sudo
Action: opened


PR body:
"""
This PR was opened automatically because PR #6047 was pushed to master and 
backport to ipa-4-9 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6062/head:pr6062
git checkout pr6062

From 4c19b34ed1859a23640ed1d95743b28d0e1078a6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 13 Oct 2021 17:54:12 -0400
Subject: [PATCH] On redhat-based platforms rely on authselect to enable sudo

The default platform task enable_sssd_sudo() writes directly
to nsswitch.conf to enable sudo. This isn't necessary to do on
systems with authselect where we already pass in with-sudo as a
profile option.

Override the default function with does a direct write with a no-op.

https://pagure.io/freeipa/issue/8755

Signed-off-by: Rob Crittenden <rcrit...@redhat.com>
---
 ipaplatform/redhat/tasks.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 4b0209f5d8b..2271cd20aa1 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -756,6 +756,9 @@ def get_pkcs11_modules(self):
                                   "{}.module".format(name))
                      for name, _module, _disabled in PKCS11_MODULES)
 
+    def enable_sssd_sudo(self, _fstore):
+        """sudo enablement is handled by authselect"""
+
     def enable_ldap_automount(self, statestore):
         """
         Point automount to ldap in nsswitch.conf.

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-devel] [freeipa PR#6062][opened] [Backport][ipa-4-9] On redhat-based platforms rely on authselect to enable sudo

Reply via email to