Blog: content/Linux/debian-fixing-problem-with-defaults-entries.md annotate

annotate content/Linux/debian-fixing-problem-with-defaults-entries.md @ 91:c9b06b5c9185

add a blog post

author	Dirk Olmes <dirk@xanthippe.ping.de>
date	Sat, 29 Sep 2018 05:58:33 +0200
parents
children	1d9382b0329b

rev	line source
91 c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	1 Title: Fixing the dreaded "problem with defaults entries" in debian
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	2 Date: 2018-09-29
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	3 Lang: en
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	4 Tags: Debian
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	5
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	6 At work we host a number of [Debian](https://www.debian.org/) VMs. Most of them are integrated into the central active directory server using the [sssd](https://packages.debian.org/jessie/utils/sssd) package.
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	7
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	8 Quite unrelatedly my boss kept nagging me about incoming emails to root that looked like this
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	9
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	10 Subject: * SECURITY information for <host> *
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	11
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	12 <host> : Sep 29 05:45:42 : user : problem with defaults entries ; TTY=pts/0 ; PWD=/home/user ;
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	13
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	14 I found the relationship between sssd and the eMails only after some heavy googling: the sssd package modifies `/etc/nsswitch.conf` and adds the sssd as the source for sudoers.
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	15
c9b06b5c9185 add a blog post Dirk Olmes <dirk@xanthippe.ping.de> parents: diff changeset	16 Since we do not keep that info in active directory anyway the fix is easy - simply remove the sssd config for sudoers and enjoy a quiet life without security emails.