Sudo under Gentoo uses /etc/ldap.conf.sudo by default. This is unexpected behavior.
Brian Vargas in bug 107634 stated:
"Actually, the configuration file is intentionally set to ldap.conf.sudo so that
the sudoers information can be read-only, in the same way that /etc/sudoers is.
Simply symlinking and changing the permissions leaves yourself less secure."
So, it looks like this was done for a reason. However, it would be nice if this
behavior were instead enabled via a USE flag.
Perhaps wrap "$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)" with "if use
ldap_conf_file" or similar?
Steps to Reproduce:
Or rather, simply change that line to:
$(use_with alternate_ldap_config ldap_conf_file /etc/ldap.conf.sudo)
This behaviour is specified in a post_install warning and leaving a world
readable ldap.conf is an insecure practice because it's just like having
a world readable /etc/sudoers. So I don't think we should allow the option
to have an unsafe configuration.
ccing taviso for another opinion about this and closing as WONTFIX, we'll reopen