Sudo Cmnd_Alias doesn't seem to work in precise
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| sudo (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
We're in the process of migrating Lucid machines to Precise.
We have some puppet code that drops this file into /etc/sudoers.
Cmnd_Alias PUPPET = /usr/sbin/puppetd, /usr/bin/puppet
%sudo ALL = NOPASSWD: PUPPET
This works on Lucid, but on Precise if we run visudo -c -s we get
parse error in /etc/sudoers
Manually playing around to see what works/doesn't work, remove the Cmnd_Alias and reference the commands directly
%sudo ALL = NOPASSWD: /usr/sbin/puppetd, /usr/bin/puppet
^^ Works
Adding the command alias back in and trying each of these:
%sudo ALL = (ALL) NOPASSWD: PUPPET
%sudo ALL = (ALL:ALL) NOPASSWD: PUPPET
%sudo ALL = (root) NOPASSWD: PUPPET
root ALL = NOPASSWD: PUPPET
^^ All generate the same parse error.
Oddly enough, if we do this:
Cmnd_Alias BLAH = /usr/sbin/puppetd, /usr/bin/puppet
%sudo ALL = NOPASSWD: PUPPET
We get:
visudo: Warning: Cmnd_Alias `PUPPET' referenced but not defined
visudo: Error: unused Cmnd_Alias BLAH
parse error in /etc/sudoers
Which suggests in our default form, it can see that the PUPPET Cmnd_Alias exists. And know's we're referencing that COMMAND alias. But it just doesn't seem to work.
I think this is a bug with sudo in precise.
| Gary Richards (ashak) wrote | #1 |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in sudo (Ubuntu): | |
| status: | New → Confirmed |
| Gary Richards (ashak) wrote | #3 |
Oh, I also tried inlining the various above things into /etc/sudoers directly with the same results.
Our /etc/sudoers is the default precise /etc/sudoers file.