On Tue, Jul 15, 2014 at 04:34:07PM +0200, Jakub Hrozek wrote:
> On Mon, Jul 14, 2014 at 02:33:48PM +0200, Pavel Březina wrote:
> > https://fedorahosted.org/sssd/ticket/2212
>
> > From ed3093d513e54c377fcaf3234bc54e5143027da0 Mon Sep 17 00:00:00 2001
> > From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
> > Date: Mon, 14 Jul 2014 14:23:50 +0200
> > Subject: [PATCH] sudo: fetch sudoRunAs attribute
> >
> > This attribute was used in pre 1.7 versions of sudo and it is now
> > deprecated by sudoRunAsUser and sudoRunAsGroup. However, some users
> > still use this attribute so we need to support it to ensure backward
> > compatibility.
> >
> > This patch makes sure that this attribute is downloaded if present and
> > provided to sudo. Sudo then decides how to handle it.
>
> Good idea. In my testing, once there is both RunAsUser and RunAs, only
> RunAsUser is read by sudo (which is what I'd expect).
>
> >
> > The new mapping option is not present in a man page since this
> > attribute is deprecated in sudo for a very long time.
>
> This too.
>
> >
> > Resolves:
> > https://fedorahosted.org/sssd/ticket/2212
>
> ACK. I tested with this record:
> objectClass: sudoRole
> objectClass: top
> sudoUser: tuser
> sudoHost: ALL
> sudoCommand: /usr/bin/touch
> cn: touchrule
> sudoRunAs: jhrozek
> sudoRunAsUser: lcl
>
> I was able to run:
>     sudo -u lcl /usr/bin/touch /tmp/somefile
> but not:
>     sudo -u jhrozek /usr/bin/touch /tmp/somefile
>
> Once I removed sudoRunAsUser, I was able to run sudo as jhrozek.

* master: 7c30e60c525ea798aaab142766ff00eef4b5df3b
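
An added example, not part of the original thread or of SSSD's code: a small audit over an LDIF export that lists sudoRole entries still carrying the deprecated sudoRunAs attribute and marks whether, going by the test result reported above, sudoRunAsUser is present and would be the value sudo reads. The `dn` values, the second record, and the names `parse_ldif`, `audit_runas` and `SAMPLE_LDIF` are assumptions made for illustration.

```python
# Constructed sample: the record tested in the thread plus a legacy-only rule; dn values are hypothetical.
SAMPLE_LDIF = """\
dn: cn=touchrule,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
objectClass: top
sudoUser: tuser
sudoHost: ALL
sudoCommand: /usr/bin/touch
cn: touchrule
sudoRunAs: jhrozek
sudoRunAsUser: lcl

dn: cn=legacyrule,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
cn: legacyrule
sudoUser: tuser
sudoRunAs: jhrozek
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}; base64 values are not decoded."""
    entries, entry, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" "):            # folded continuation line
            if last is not None:
                entry[last][-1] += line[1:]
        elif not line.strip():              # blank line ends the entry
            if entry:
                entries.append(entry)
            entry, last = {}, None
        elif line.startswith("#"):          # comment: nothing to continue
            last = None
        elif ":" in line:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            entry.setdefault(last, []).append(value.strip())
    return entries

def audit_runas(entries):
    """List sudoRole entries that still carry the deprecated sudoRunAs attribute."""
    findings = []
    for e in entries:
        is_role = "sudorole" in (v.lower() for v in e.get("objectclass", []))
        legacy, current = e.get("sudorunas", []), e.get("sudorunasuser", [])
        if is_role and legacy:              # "shadowed": sudoRunAsUser also set (thread's test)
            status = "shadowed" if current else "legacy-only"
            findings.append((e.get("cn", ["?"])[0], status, legacy, current))
    return findings

print(audit_runas(parse_ldif(SAMPLE_LDIF)))
```

Entries reported as "legacy-only" are the ones whose run-as target depends entirely on the deprecated attribute; "shadowed" entries keep a sudoRunAs value that takes effect again if sudoRunAsUser is ever removed.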