RHEL-1366

adding user to the wheel group does not permit sudo access


    • Bug
    • Resolution: Cannot Reproduce
    • Normal
    • rhel-8.5.0
    • sudo
    • Moderate
    • rhel-idm-sssd
    • ssg_security

      Description of problem:

      In the RHEL web console, "Server Administrator" in the Roles item failed to provide administrative access to the user.

      Version-Release number of selected component (if applicable):

      ~~~
      # rpm -qa | grep cockpit
      cockpit-ws-251.3-1.el8_5.x86_64
      cockpit-system-251.3-1.el8_5.noarch
      cockpit-251.3-1.el8_5.x86_64
      cockpit-podman-39-1.module+el8.5.0+13754+92ec836b.noarch
      cockpit-bridge-251.3-1.el8_5.x86_64
      cockpit-storaged-251.1-1.el8.noarch
      cockpit-packagekit-251.1-1.el8.noarch
      ~~~

      How reproducible:

      Steps to Reproduce:
      1. Log in to the RHEL web console, create an account and set 'Server Administrator Role':
      ~~~~~~~~~~~
      https://localhost:9090/ -> Accounts -> Create Account (created test-wheel account) -> Click on user "test-wheel" -> Roles -> Check box Server Administrator
      ~~~~~~~~~~~

      2. The newly created account is added as a member of the 'wheel' group:
      ~~~
      [root@ipaserver-rh8 ~]# id test-wheel
      uid=1022(test-wheel) gid=1027(test-wheel) groups=1027(test-wheel),10(wheel)
      ~~~

      3. Verify the active authselect profile:
      ~~~~
      [root@ipaserver-rh8 ~]# authselect current
      Profile ID: sssd
      Enabled features:
      - with-mkhomedir
      ~~~~

      Actual results:
      ~~~~~~~~~~~~~~~~~~~
      [root@ipaserver-rh8 ~]# sudo -U test-wheel -ll
      User test-wheel is not allowed to run sudo on ipaserver-rh8.

      • Logged in with the user "test-wheel" via Cockpit -> Clicked on Limited Access -> Clicked on Switch to Administrative Access ---> Failed with below error:
      ----------------
      Danger alert:
      Problem becoming administrator
      Test-wheel is not in the sudoers file. This incident will be reported.
      ---------------
      ~~~~~~~~~~~~~~~~~~~

      Expected results:

      • Logged in with the user "test-wheel" via Cockpit -> Clicked on Limited Access -> Clicked on Switch to Administrative Access ---> Successful :

      Additional info:

      Works when:

      1. When sssd is configured as below:
      ~~~~~~~~~~~~~~~~
      • Added below option under [sssd] section:
      -------
      enable_files_domain = false
      -------
      • Restart sssd service
      ~~~~~~~~~~~~~~~~

      2. When the minimal authselect profile is deployed.

      3. Not working with the default (i.e. sssd) authselect profile.
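
The state this report compares can be gathered in one pass when triaging a similar host. The script below is an added example, not part of the original report or of any Red Hat tooling; the function names and the optional root-prefix argument are hypothetical, and it assumes wheel grants sudo through a `%wheel` rule in `/etc/sudoers`.

```shell
#!/usr/bin/env bash
# Added triage sketch, not from the report: gathers the settings it compares.

# Succeed if USER is a supplementary member of GROUP in a group(5) file.
in_group_file() {  # args: group-file group user
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1" 2>/dev/null
}

# Succeed if the sudoers file carries an uncommented rule for %wheel.
wheel_rule_active() {  # args: sudoers-file
    grep -Eq '^[[:space:]]*%wheel[[:space:]]' "$1" 2>/dev/null
}

# Print enable_files_domain as set in the [sssd] section, or "unset".
sssd_files_domain() {  # args: sssd.conf
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\]/); next }
        in_sssd && $1 ~ /^[ \t]*enable_files_domain[ \t]*$/ {
            v = tolower($2); gsub(/[ \t]/, "", v)
        }
        END { print (v == "" ? "unset" : v) }' "$1"
}

# One-line summary for USER; ROOT is an optional prefix (hypothetical helper
# argument) so copies of the files can be inspected offline.
triage() (  # args: user [root]
    member=no; rule=no
    in_group_file "$2/etc/group" wheel "$1" && member=yes
    wheel_rule_active "$2/etc/sudoers" && rule=yes
    echo "wheel_member=$member wheel_rule=$rule" \
         "enable_files_domain=$(sssd_files_domain "$2/etc/sssd/sssd.conf")"
)

# Constructed sample tree mirroring the report's state (not real system files).
make_sample_root() {  # prints the temp directory it created
    d=$(mktemp -d) && mkdir -p "$d/etc/sssd" || return 1
    printf 'wheel:x:10:test-wheel\ntest-wheel:x:1027:\n' > "$d/etc/group"
    printf '# %%wheel ALL=(ALL) NOPASSWD: ALL\n%%wheel\tALL=(ALL)\tALL\n' > "$d/etc/sudoers"
    printf '[sssd]\nservices = nss, pam\n[domain/example]\nenable_files_domain = true\n' \
        > "$d/etc/sssd/sssd.conf"
    echo "$d"
}
```

On a live host, run `triage test-wheel` as root and read the summary next to the `sudo -U test-wheel -ll` output shown in the report; the sample tree places the option outside `[sssd]`, so it is reported as unset.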

              rh-ee-allopez Alejandro Lopez
              rhn-support-alsharma Alok Sharma
              Alejandro Lopez
              SSG Security QE