Bug 411

Summary: Wrong behaviour of # described in documentation.
Product: Sudo Reporter: Thomas Roth <code>
Component: DocumentationAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal CC: code
Priority: normal    
Version: 1.7.3   
Hardware: PC   
OS: Linux   
Attachments: toke.l regular expression fix for sudo 1.7.2p6
Fix for comment parsing

Description Thomas Roth 2010-04-29 06:28:36 MDT 
This is either a bug in the documentation or a bug in sudo itself:

According to the manpage of sudoers:

The pound sign ('#') is used to indicate a comment (unless it is part of a #include directive or unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid). Both the comment character and any text after it, up to the end of the line, are ignored.

But in sudo 1.6.8, 1.7.2p5, 1.7.2p6 and 1.7.3b1 the following sudoers line does not work:

testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar

It only works if a space is between the # and the comment:

testuser ALL=NOPASSWD: /usr/bin/wl # comment foo bar

(The first line does not work, sudo says that testuser is not allowed to execute the file, while the second one works as assumed.)

I think this is wrong behaviour (at least according to the documentation), so I hope this can get fixed either in the code or in the documentation.


A small documentation patch could look like this:

--- a/sudoers.cat
+++ b/sudoers.cat
@@ -519,7 +519,7 @@ SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
    Other special characters and reserved words
        The pound sign ('#') is used to indicate a comment (unless it is part
        of a #include directive or unless it occurs in the context of a user
-       name and is followed by one or more digits, in which case it is treated
+       name and is followed by one or more characters, in which case it is treated

But I think that doesn't make much sense, as an UID is always a number.

Kind regards,

Thomas Roth
Comment 1 Thomas Roth 2010-04-29 09:30:51 MDT 
Created attachment 272 [details]
toke.l regular expression fix for sudo 1.7.2p6

A small patch which removes the problem, but I'm pretty sure that this breaks something, even though I don't know what.
Comment 2 Todd C. Miller 2010-06-10 17:56:46 MDT 
Created attachment 274 [details]
Fix for comment parsing

I've attached a different fix that I have committed to the sudo mercurial repo.  The change will be present in sudo 1.7.3.
Comment 3 Todd C. Miller 2010-06-18 16:14:18 MDT 
Fixed in sudo 1.7.3.  Beta versions are out now, GA is due at the end of June.