Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: sudo (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1688034
Title:
I guess this also makes 1.8.16-0ubuntu1.3 a "security" update, since
sudo+sssd now enforces policy which it should have done before, but
didn't.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1688034
I found out how to enable debugging for sudoers:
Debug sudo /var/log/sudo-debug all@info
Debug sudoers.so /var/log/sudoers-debug all@info
With the *new* sudo I get the following logged matching 'sssd':
May 5 12:40:06 sudo[17912] sssd/ldap sudoHost 'ALL' ... MATCH!
May 5 12:40:06 sudo[17912]
Now trying with @debug instead of @info
Slight munging of output to make it diffable, then diff -u:
--- v1.debug.trim 2017-05-03 20:28:07.78400 +
+++ v2.debug.trim 2017-05-03 20:28:14.03200 +
@@ -38,87 +38,6 @@
-> parse_args @
Some additional info.
I enabled sudo debugging by creating /etc/sudo.conf containing:
Debug sudo /var/log/sudo-debug all@info
Debug sudoers /var/log/sudoers-debug all@info
With the newer (non-functioning) sudo, /var/log/sudo-debug contains:
May 3 18:55:50 sudo[8003] comparing dev 34817 to
