Bugzilla – Bug 1022
"problem with defaults entries" could be more helpful
Last modified: 2022-03-04 09:14:13 MST
Hi,

the error message "problem with defaults entries" coded in various places in sudoers.c and testsudoers.c is not very helpful, especially as it is used in so many places. Would it be possible to name the problem a bit more concisely?

For example, Debian Bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793660 and Red Hat Bug https://bugzilla.redhat.com/show_bug.cgi?id=879633 refer to this message being emitted. This is reproducible just by having the sss-sudo plugin (Debian has it in the sssd source package) installed and configured (sudoers: files sss in nsswitch.conf), without having any Defaults entry in sudoers.

I think it would be much easier to find out the reason if sudo gave a better error message here.

Thanks for considering!

Greetings
Marc
What is happening in the sssd case is the connector is passing an ECONNREFUSED error back to sudo when fetching the global default entries. This can happen when nsswitch.conf lists sss as a sudoers source but no sudo provider is configured in sssd.conf.

The following commit: https://www.sudo.ws/repos/sudo/rev/60bb147ed3e6 ignores the error. In a future commit I may rearrange things such that the first query is done in the sssd backend's open function, which will make it possible to do better error handling.
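A check for the misconfiguration described in the comment above, as an added example that is not part of the bug report or of the sudo or sssd code: it flags an nsswitch.conf that lists sss as a sudoers source while sssd.conf does not enable the sudo service. It assumes "no sudo provider configured" means `sudo` is missing from `services` in the `[sssd]` section (socket-activated setups are not considered); the function names and both sample files are constructed.

```python
import configparser

# Constructed sample files (not taken from the bug report).
NSSWITCH = """\
passwd:   files sss
sudoers:  files sss   # sss listed as a sudoers source
"""
SSSD_NO_SUDO = """\
[sssd]
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
"""
SSSD_WITH_SUDO = SSSD_NO_SUDO.replace("nss, pam", "nss, pam, sudo")


def sudoers_sources(nsswitch_text):
    """Return the sources named on the 'sudoers:' line of nsswitch.conf."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("sudoers:"):
            tokens = line.split(":", 1)[1].split()
            # Drop action items such as [NOTFOUND=return].
            return [t for t in tokens if not t.startswith("[")]
    return []  # no sudoers line at all


def sssd_services(sssd_text):
    """Return the responders listed in 'services' under [sssd] (assumed layout)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(sssd_text)
    raw = cp.get("sssd", "services", fallback="") if cp.has_section("sssd") else ""
    return [s.strip() for s in raw.split(",") if s.strip()]


def sss_sudo_mismatch(nsswitch_text, sssd_text):
    """True when sss is a sudoers source but sssd.conf does not enable sudo."""
    return ("sss" in sudoers_sources(nsswitch_text)
            and "sudo" not in sssd_services(sssd_text))


if __name__ == "__main__":
    for name, conf in (("services = nss, pam", SSSD_NO_SUDO),
                       ("services = nss, pam, sudo", SSSD_WITH_SUDO)):
        state = "MISMATCH" if sss_sudo_mismatch(NSSWITCH, conf) else "ok"
        print(f"{name}: {state}")
```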
Fixed in sudo 1.9.10