[bug-notifications] [sudo 0003687]: Sudo 1.7.0 fails with comment text after User_Alias definition section.
Mantis Bug Tracker
noreply at opencsw.org
Tue May 26 11:14:17 CEST 2009
The following issue has been SUBMITTED.
======================================================================
http://www.opencsw.org/bugtrack/view.php?id=3687
======================================================================
Reported By: mderoo
Assigned To:
======================================================================
Project: sudo
Issue ID: 3687
Category: regular use
Reproducibility: always
Severity: major
Priority: normal
Status: new
======================================================================
Date Submitted: 2009-05-26 11:14 CEST
Last Modified: 2009-05-26 11:14 CEST
======================================================================
Summary: Sudo 1.7.0 fails with comment text after User_Alias
definition section.
Description:
For the readability of the sudoers file I have added some readable
commented lines. Since Version 1.7.0 this fails and I get a syntax error
near line <xx>.
My sudoers file looks like this:
#===============================================================================
# Host alias specification
#===============================================================================
Host_Alias HOST = server1
#
#===============================================================================
# Defaults specification
#===============================================================================
Defaults syslog = auth
#
#===============================================================================
# User alias specification
#===============================================================================
User_Alias SYSMGT = user1, \
user2
#
User_Alias MONITOR = user3
#
User_Alias LOCALADMIN = user4
#
#==============================================================================
# Cmnd alias specification
#==============================================================================
#------------------------------------------------------------------------------
# Allow list
#------------------------------------------------------------------------------
Cmnd_Alias NDD = /usr/sbin/ndd, \
/sbin/ethtool
#
Cmnd_Alias IPMITOOL = /usr/bin/ipmitool, \
/usr/local/bin/ipmitool
#
#------------------------------------------------------------------------------
# Disallow list
#------------------------------------------------------------------------------
#
# Switch to super-user
#
Cmnd_Alias SUROOT = /usr/bin/su [-], \
/usr/bin/su [-] root, \
/bin/su [-], \
/bin/su [-] root
#
#
# Disallow modification of sudo configuration
#
Cmnd_Alias VISUDO = /opt/csw/sbin/visudo, \
/usr/sbin/visudo
#
#
# Disallow various shells
#
Cmnd_Alias SHELL = /usr/bin/*sh, \
/sbin/*sh, \
/usr/openwin/bin/xterm, \
/usr/dt/bin/dtterm, \
/usr/openwin/bin/cmdtool, \
/usr/openwin/bin/shelltool
#
#==============================================================================
# User privilege specification
#==============================================================================
#------------------------------------------------------------------------------
# Default rule for root to be almighty
#------------------------------------------------------------------------------
root HOST = (ALL) ALL
#
#------------------------------------------------------------------------------
# System administrators can do anything without a password
#------------------------------------------------------------------------------
SYSMGT HOST = (ALL) NOPASSWD: ALL
#
#------------------------------------------------------------------------------
# Allow monitoring account to perform network check without a password
#------------------------------------------------------------------------------
MONITOR HOST = (root) NOPASSWD: NDD, IPMITOOL
#
#------------------------------------------------------------------------------
# Local administrators have limited rights and need to authenticate
#------------------------------------------------------------------------------
LOCALADMIN HOST = (ALL) NOEXEC: ALL,!SUROOT,!VISUDO,!SHELL
#
#==============================================================================
# End of sudoers file.
#==============================================================================
Errors during save are:
"/opt/csw/etc/sudoers.tmp" 85 lines, 3922 characters
>>> /opt/csw/etc/sudoers: syntax error near line 23 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 25 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 32 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 34 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 62 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 64 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 67 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 69 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 72 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 74 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 77 <<<
>>> /opt/csw/etc/sudoers: syntax error near line 79 <<<
What now?
It all works fine if saved like this:
#===============================================================================
# Host alias specification
#===============================================================================
Host_Alias HOST = server1
#
#===============================================================================
# Defaults specification
#===============================================================================
Defaults syslog = auth
#
#===============================================================================
# User alias specification
#===============================================================================
User_Alias SYSMGT = user1, \
user2
#
User_Alias MONITOR = user3
#
User_Alias LOCALADMIN = user4
#
##==============================================================================
## Cmnd alias specification
##==============================================================================
##------------------------------------------------------------------------------
## Allow list
##------------------------------------------------------------------------------
Cmnd_Alias NDD = /usr/sbin/ndd, \
/sbin/ethtool
#
Cmnd_Alias IPMITOOL = /usr/bin/ipmitool, \
/usr/local/bin/ipmitool
#
##------------------------------------------------------------------------------
## Disallow list
##------------------------------------------------------------------------------
#
# Switch to super-user
#
Cmnd_Alias SUROOT = /usr/bin/su [-], \
/usr/bin/su [-] root, \
/bin/su [-], \
/bin/su [-] root
#
#
# Disallow modification of sudo configuration
#
Cmnd_Alias VISUDO = /opt/csw/sbin/visudo, \
/usr/sbin/visudo
#
#
# Disallow various shells
#
Cmnd_Alias SHELL = /usr/bin/*sh, \
/sbin/*sh, \
/usr/openwin/bin/xterm, \
/usr/dt/bin/dtterm, \
/usr/openwin/bin/cmdtool, \
/usr/openwin/bin/shelltool
#
##==============================================================================
## User privilege specification
##==============================================================================
##------------------------------------------------------------------------------
## Default rule for root to be almighty
##------------------------------------------------------------------------------
root HOST = (ALL) ALL
#
##------------------------------------------------------------------------------
## System administrators can do anything without a password
##------------------------------------------------------------------------------
SYSMGT HOST = (ALL) NOPASSWD: ALL
#
##------------------------------------------------------------------------------
## Allow monitoring account to perform network check without a password
##------------------------------------------------------------------------------
MONITOR HOST = (root) NOPASSWD: NDD, IPMITOOL
#
##------------------------------------------------------------------------------
## Local administrators have limited rights and need to authenticate
##------------------------------------------------------------------------------
LOCALADMIN HOST = (ALL) NOEXEC: ALL,!SUROOT,!VISUDO,!SHELL
#
##==============================================================================
## End of sudoers file.
##==============================================================================
Is this an error in the rewritten parser or due to the introduction of
#include functionality?
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2009-05-26 11:14 mderoo New Issue
======================================================================
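The workaround in the report changes only comment lines, and that can be confirmed mechanically before a reworked sudoers file is installed. The following is an added example, not part of the original report or of sudo: it compares the active entries of two sudoers texts and lists the line numbers that differ. The function names and the abridged sample excerpts are constructed for illustration, and it assumes only whole-line comments and backslash continuations, as in the file shown above.

```python
import re
from itertools import zip_longest

def active_entries(text):
    """Non-comment sudoers entries, with backslash continuations joined."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending:
            # Assumption: only whole-line comments; "#include" is a directive.
            if not line or (line.startswith("#") and not line.startswith("#include")):
                continue
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        entries.append(re.sub(r"\s+", " ", pending + line).strip())
        pending = ""
    if pending:
        entries.append(pending.strip())
    return entries

def compare(before, after):
    """Return (rules_unchanged, 1-based numbers of the lines that differ)."""
    pairs = zip_longest(before.splitlines(), after.splitlines())
    changed = [n for n, (a, b) in enumerate(pairs, 1) if a != b]
    return active_entries(before) == active_entries(after), changed

# Constructed, abridged excerpts modelled on the two versions in the report.
FAILING = """\
Host_Alias HOST = server1
User_Alias MONITOR = user3
#
#====
# Cmnd alias specification
#====
Cmnd_Alias NDD = /usr/sbin/ndd, \\
                 /sbin/ethtool
#
MONITOR HOST = (root) NOPASSWD: NDD
"""
WORKING = FAILING.replace("\n#====", "\n##====").replace("\n# Cmnd", "\n## Cmnd")

if __name__ == "__main__":
    same, changed = compare(FAILING, WORKING)
    print("rules unchanged:", same, "| differing lines:", changed)
```

This checks only that the rule text is identical; the edited file still has to pass `visudo -c -f <file>` on the target sudo version.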