Bugzilla – Bug 325
No nsswitch.conf on aix, sudoers entry for ldap use
Last modified: 2009-03-12 10:10:40 MDT
AIX doesn't have a /etc/nsswitch.conf file. If sudo is configured with LDAP support it tries to look for a 'sudoers:' line in /etc/nsswitch.conf. Configure should use '--with-nsswitch=no' on AIX (or, what I did was have it look into the ldap-config file).
I actually considered this a feature rather than a bug. Without something like nsswitch.conf there is no good way to specify the order of lookups. This is a real problem for people trying to package up sudo. I've been considering adding an order line in /etc/sudoers, which may show up in sudo 1.7.0.
I consider '--with-nsswitch=/etc/sudo.ldap' or something equivalent a decent workaround... this is what I currently use. Another option would be to maybe parse AIX's equivalent of nsswitch.conf, which is /etc/netsvc.conf and uses the following format:

    identifier = value, value

I have no idea if it's possible to add custom identifiers, or if this will break other applications.
Can you try ftp://ftp.sudo.ws/pub/millert/sudo/sudo-1.7.1b3.tar.gz and see if it properly configures sudo to use /etc/netsvc.conf? It should define _PATH_NETSVC_CONF in config.h and use netsvc.conf instead of nsswitch.conf
It seems to work, I do have to explicitly give --with-netsvc in configure:

    $ sudo ./sudo -l
    Matching Defaults entries for root on this host:
        MUNGED

    Runas and Command-specific defaults for root:

    User root may run the following commands on this host:
        (ALL) ALL (from files)
        (root) EXEC: /usr/bin/bash, ALL (from ldap)
    $ sudo vi /etc/netsvc.conf
    (remove the sudoers ldap line)
    $ sudo ./sudo -l
    User root may run the following commands on this host:
        (ALL) ALL
That's odd. I didn't have to use --with-netsvc when I had that block outside of the aix section in configure.
Yeah... seems to work as well without the explicit --with-netsvc. Just didn't test it correctly (was looking for output in the config.log), so FIXED :)
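The lookup-order behaviour discussed in this thread, as an added example that is not sudo's own parser and not code from the bug report: it reads netsvc.conf-style text in the "identifier = value, value" format quoted above and returns the order of policy sources for the `sudoers` identifier. The function name `sudoers_order`, the fallback to `files` when no `sudoers` line exists, "last line wins", and ignoring values other than `files` and `ldap` are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SRC 4
#define SRC_LEN 16

/* Parse netsvc.conf-style text and fill src[] with the lookup order for
 * the "sudoers" identifier. Returns the number of sources. Assumptions:
 * '#' starts a comment, the last sudoers line wins, unknown values are
 * skipped, and a missing line means the local sudoers file only. */
int sudoers_order(const char *conf, char src[MAX_SRC][SRC_LEN])
{
    int n = 0;
    while (*conf != '\0') {
        char line[256], key[32], junk[2], val[SRC_LEN];
        size_t linelen = strcspn(conf, "\n");
        size_t copy = linelen < sizeof(line) - 1 ? linelen : sizeof(line) - 1;
        memcpy(line, conf, copy);
        line[copy] = '\0';
        conf += linelen + (conf[linelen] == '\n');

        line[strcspn(line, "#")] = '\0';        /* drop trailing comment */
        char *eq = strchr(line, '=');
        if (eq == NULL)
            continue;                           /* not "identifier = ..." */
        *eq = '\0';
        /* Exactly one word before '=' and it must be "sudoers". */
        if (sscanf(line, " %31s %1s", key, junk) != 1 || strcmp(key, "sudoers") != 0)
            continue;
        n = 0;
        for (char *tok = strtok(eq + 1, ","); tok != NULL && n < MAX_SRC;
             tok = strtok(NULL, ",")) {
            if (sscanf(tok, " %15s", val) != 1)
                continue;                       /* empty list element */
            if (strcmp(val, "files") == 0 || strcmp(val, "ldap") == 0)
                strcpy(src[n++], val);
        }
    }
    if (n == 0)
        strcpy(src[n++], "files");              /* assumed default order */
    return n;
}

int main(void)
{
    /* Constructed sample contents, not taken from a real host. */
    const char *conf = "# sample\nhosts = local, bind\nsudoers = files, ldap\n";
    char src[MAX_SRC][SRC_LEN];
    int n = sudoers_order(conf, src);
    for (int i = 0; i < n; i++)
        printf("%d: %s\n", i + 1, src[i]);
    return 0;
}
```

Removing the `sudoers` line from the sample leaves only `files`, which matches the second `sudo -l` run shown in the thread.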