[bug-notifications] [sudo 0003687]: Sudo 1.7.0 fails with comment text after User_Alias definition section.

Mantis Bug Tracker noreply at opencsw.org
Tue May 26 11:14:17 CEST 2009


The following issue has been SUBMITTED. 
====================================================================== 
http://www.opencsw.org/bugtrack/view.php?id=3687 
====================================================================== 
Reported By:                mderoo
Assigned To:                
====================================================================== 
Project:                    sudo
Issue ID:                   3687
Category:                   regular use
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
====================================================================== 
Date Submitted:             2009-05-26 11:14 CEST
Last Modified:              2009-05-26 11:14 CEST
====================================================================== 
Summary:                    Sudo 1.7.0 fails with comment text after User_Alias definition section.
Description: 
For the readability of the sudoers file I have added some readable
commented lines. Since Version 1.7.0 this fails and I get a syntax error
near line <xx>.

My sudoers file looks like this:

#===============================================================================
#       Host alias specification
#===============================================================================
Host_Alias      HOST = server1
#
#===============================================================================
#       Defaults specification
#===============================================================================
Defaults        syslog = auth
#
#===============================================================================
#       User alias specification
#===============================================================================
User_Alias                        SYSMGT = user1, \
                                           user2
#
User_Alias                       MONITOR = user3
#
User_Alias                    LOCALADMIN = user4
#
#==============================================================================
#      Cmnd alias specification
#==============================================================================
#------------------------------------------------------------------------------
#      Allow list
#------------------------------------------------------------------------------
Cmnd_Alias                           NDD = /usr/sbin/ndd, \
                                           /sbin/ethtool
#
Cmnd_Alias                      IPMITOOL = /usr/bin/ipmitool, \
                                           /usr/local/bin/ipmitool
#
#------------------------------------------------------------------------------
#      Disallow list
#------------------------------------------------------------------------------
#
# Switch to super-user
#
Cmnd_Alias                        SUROOT = /usr/bin/su [-], \
                                           /usr/bin/su [-] root, \
                                           /bin/su [-], \
                                           /bin/su [-] root
#
#
# Disallow modification of sudo configuration
#
Cmnd_Alias                        VISUDO = /opt/csw/sbin/visudo, \
                                           /usr/sbin/visudo
#
#
# Disallow various shells
#
Cmnd_Alias                         SHELL = /usr/bin/*sh, \
                                           /sbin/*sh, \
                                           /usr/openwin/bin/xterm, \
                                           /usr/dt/bin/dtterm, \
                                           /usr/openwin/bin/cmdtool, \
                                           /usr/openwin/bin/shelltool
#
#==============================================================================
#      User privilege specification
#==============================================================================
#------------------------------------------------------------------------------
#      Default rule for root to be almighty
#------------------------------------------------------------------------------
root            HOST = (ALL)    ALL
#
#------------------------------------------------------------------------------
#      System administrators can do anything without a password
#------------------------------------------------------------------------------
SYSMGT          HOST = (ALL)    NOPASSWD: ALL
#
#------------------------------------------------------------------------------
#      Allow monitoring account to perform network check without a password
#------------------------------------------------------------------------------
MONITOR         HOST = (root)   NOPASSWD: NDD, IPMITOOL
#
#------------------------------------------------------------------------------
#      Local administrators have limited rights and need to authenticate
#------------------------------------------------------------------------------
LOCALADMIN      HOST = (ALL)    NOEXEC: ALL,!SUROOT,!VISUDO,!SHELL
#
#==============================================================================
#      End of sudoers file.
#==============================================================================

Errors during save are:

"/opt/csw/etc/sudoers.tmp" 85 lines, 3922 characters 
>>> /opt/csw/etc/sudoers: syntax error near line 23 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 25 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 32 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 34 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 62 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 64 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 67 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 69 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 72 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 74 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 77 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 79 <<<
What now?

It all works fine if saved like this:

#===============================================================================
#       Host alias specification
#===============================================================================
Host_Alias      HOST = server1
#
#===============================================================================
#       Defaults specification
#===============================================================================
Defaults        syslog = auth
#
#===============================================================================
#       User alias specification
#===============================================================================
User_Alias                        SYSMGT = user1, \
                                           user2
#
User_Alias                       MONITOR = user3
#
User_Alias                    LOCALADMIN = user4
#
##==============================================================================
##      Cmnd alias specification
##==============================================================================
##------------------------------------------------------------------------------
##      Allow list
##------------------------------------------------------------------------------
Cmnd_Alias                           NDD = /usr/sbin/ndd, \
                                           /sbin/ethtool
#
Cmnd_Alias                      IPMITOOL = /usr/bin/ipmitool, \
                                           /usr/local/bin/ipmitool
#
##------------------------------------------------------------------------------
##      Disallow list
##------------------------------------------------------------------------------
#
# Switch to super-user
#
Cmnd_Alias                        SUROOT = /usr/bin/su [-], \
                                           /usr/bin/su [-] root, \
                                           /bin/su [-], \
                                           /bin/su [-] root
#
#
# Disallow modification of sudo configuration
#
Cmnd_Alias                        VISUDO = /opt/csw/sbin/visudo, \
                                           /usr/sbin/visudo
#
#
# Disallow various shells
#
Cmnd_Alias                         SHELL = /usr/bin/*sh, \
                                           /sbin/*sh, \
                                           /usr/openwin/bin/xterm, \
                                           /usr/dt/bin/dtterm, \
                                           /usr/openwin/bin/cmdtool, \
                                           /usr/openwin/bin/shelltool
#
##==============================================================================
##      User privilege specification
##==============================================================================
##------------------------------------------------------------------------------
##      Default rule for root to be almighty
##------------------------------------------------------------------------------
root            HOST = (ALL)    ALL
#
##------------------------------------------------------------------------------
##      System administrators can do anything without a password
##------------------------------------------------------------------------------
SYSMGT          HOST = (ALL)    NOPASSWD: ALL
#
##------------------------------------------------------------------------------
##      Allow monitoring account to perform network check without a password
##------------------------------------------------------------------------------
MONITOR         HOST = (root)   NOPASSWD: NDD, IPMITOOL
#
##------------------------------------------------------------------------------
##      Local administrators have limited rights and need to authenticate
##------------------------------------------------------------------------------
LOCALADMIN      HOST = (ALL)    NOEXEC: ALL,!SUROOT,!VISUDO,!SHELL
#
##==============================================================================
##      End of sudoers file.
##==============================================================================


Is this an error in the rewritten parser or due to the introduction of
#include functionality?

====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-05-26 11:14 mderoo         New Issue                                    
======================================================================



