Sudo commands with characters that need to be escaped in a DN (backslash, plus, comma, less-than...) cannot be removed from command groups.
These can appear in valid sudo commands (such as /bin/ls /lost+found).
/bin/ls /lost+found
$ ./ipa sudocmd-add + ---------------------- Added Sudo Command "+" ---------------------- Sudo Command: + $ ./ipa sudocmdgroup-add a-group --desc=g1 ---------------------------------- Added Sudo Command Group "a-group" ---------------------------------- Sudo Command Group: a-group Description: g1 $ ./ipa sudocmdgroup-add-member a-group --sudocmds=+ Sudo Command Group: a-group Description: g1 Member Sudo commands: + ------------------------- Number of members added 1 ------------------------- $ ./ipa sudocmdgroup-remove-member a-group --sudocmds=+ Sudo Command Group: a-group Description: g1 Member Sudo commands: + Failed members: member sudo command: +: This entry is not a member --------------------------- Number of members removed 0 ---------------------------
Tests tests-for-ticket-2483.patch
Here are some tests if anyone wants to work on this now.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=800537
master: 1dc11a0[[BR]] ipa-2-2: f43aae3
Metadata Update from @pviktori: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03
Login to comment on this ticket.