Bugzilla – Bug 355
Syntax errors if comment lines are present after User_Alias definitions
Last modified: 2009-07-28 14:23:30 MDT
For the readability of the sudoers file I have added some readable commented lines. Since Version 1.7.0 this fails and I get a syntax error near line <xx>.

My sudoers file looks like this:

    #===============================================================================
    # Host alias specification
    #===============================================================================
    Host_Alias HOST = server1
    #
    #===============================================================================
    # Defaults specification
    #===============================================================================
    Defaults syslog = auth
    #
    #===============================================================================
    # User alias specification
    #===============================================================================
    User_Alias SYSMGT = user1, \
                        user2
    #
    User_Alias MONITOR = user3
    #
    User_Alias LOCALADMIN = user4
    #
    #==============================================================================
    # Cmnd alias specification
    #==============================================================================
    #------------------------------------------------------------------------------
    # Allow list
    #------------------------------------------------------------------------------
    Cmnd_Alias NDD = /usr/sbin/ndd, \
                     /sbin/ethtool
    #
    Cmnd_Alias IPMITOOL = /usr/bin/ipmitool, \
                          /usr/local/bin/ipmitool
    #
    #------------------------------------------------------------------------------
    # Disallow list
    #------------------------------------------------------------------------------
    #
    # Switch to super-user
    #
    Cmnd_Alias SUROOT = /usr/bin/su [-], \
                        /usr/bin/su [-] root, \
                        /bin/su [-], \
                        /bin/su [-] root
    #
    #
    # Disallow modification of sudo configuration
    #
    Cmnd_Alias VISUDO = /opt/csw/sbin/visudo, \
                        /usr/sbin/visudo
    #
    #
    # Disallow various shells
    #
    Cmnd_Alias SHELL = /usr/bin/*sh, \
                       /sbin/*sh, \
                       /usr/openwin/bin/xterm, \
                       /usr/dt/bin/dtterm, \
                       /usr/openwin/bin/cmdtool, \
                       /usr/openwin/bin/shelltool
    #
    #==============================================================================
    # User privilege specification
    #==============================================================================
    #------------------------------------------------------------------------------
    # Default rule for root to be almighty
    #------------------------------------------------------------------------------
    root HOST = (ALL) ALL
    #
    #------------------------------------------------------------------------------
    # System administrators can do anything without a password
    #------------------------------------------------------------------------------
    SYSMGT HOST = (ALL) NOPASSWD: ALL
    #
    #------------------------------------------------------------------------------
    # Allow monitoring account to perform network check without a password
    #------------------------------------------------------------------------------
    MONITOR HOST = (root) NOPASSWD: NDD, IPMITOOL
    #
    #------------------------------------------------------------------------------
    # Local administrators have limited rights and need to authenticate
    #------------------------------------------------------------------------------
    LOCALADMIN HOST = (ALL) NOEXEC: ALL,!SUROOT,!VISUDO,!SHELL
    #
    #==============================================================================
    # End of sudoers file.
    #==============================================================================

Errors during save are:

    "/opt/csw/etc/sudoers.tmp" 85 lines, 3922 characters
    >>> /opt/csw/etc/sudoers: syntax error near line 23 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 25 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 32 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 34 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 62 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 64 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 67 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 69 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 72 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 74 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 77 <<<
    >>> /opt/csw/etc/sudoers: syntax error near line 79 <<<
    What now?

It all works fine if saved like this:

    #===============================================================================
    # Host alias specification
    #===============================================================================
    Host_Alias HOST = server1
    #
    #===============================================================================
    # Defaults specification
    #===============================================================================
    Defaults syslog = auth
    #
    #===============================================================================
    # User alias specification
    #===============================================================================
    User_Alias SYSMGT = user1, \
                        user2
    #
    User_Alias MONITOR = user3
    #
    User_Alias LOCALADMIN = user4
    #
    ##==============================================================================
    ## Cmnd alias specification
    ##==============================================================================
    ##------------------------------------------------------------------------------
    ## Allow list
    ##------------------------------------------------------------------------------
    Cmnd_Alias NDD = /usr/sbin/ndd, \
                     /sbin/ethtool
    #
    Cmnd_Alias IPMITOOL = /usr/bin/ipmitool, \
                          /usr/local/bin/ipmitool
    #
    ##------------------------------------------------------------------------------
    ## Disallow list
    ##------------------------------------------------------------------------------
    #
    # Switch to super-user
    #
    Cmnd_Alias SUROOT = /usr/bin/su [-], \
                        /usr/bin/su [-] root, \
                        /bin/su [-], \
                        /bin/su [-] root
    #
    #
    # Disallow modification of sudo configuration
    #
    Cmnd_Alias VISUDO = /opt/csw/sbin/visudo, \
                        /usr/sbin/visudo
    #
    #
    # Disallow various shells
    #
    Cmnd_Alias SHELL = /usr/bin/*sh, \
                       /sbin/*sh, \
                       /usr/openwin/bin/xterm, \
                       /usr/dt/bin/dtterm, \
                       /usr/openwin/bin/cmdtool, \
                       /usr/openwin/bin/shelltool
    #
    ##==============================================================================
    ## User privilege specification
    ##==============================================================================
    ##------------------------------------------------------------------------------
    ## Default rule for root to be almighty
    ##------------------------------------------------------------------------------
    root HOST = (ALL) ALL
    #
    ##------------------------------------------------------------------------------
    ## System administrators can do anything without a password
    ##------------------------------------------------------------------------------
    SYSMGT HOST = (ALL) NOPASSWD: ALL
    #
    ##------------------------------------------------------------------------------
    ## Allow monitoring account to perform network check without a password
    ##------------------------------------------------------------------------------
    MONITOR HOST = (root) NOPASSWD: NDD, IPMITOOL
    #
    ##------------------------------------------------------------------------------
    ## Local administrators have limited rights and need to authenticate
    ##------------------------------------------------------------------------------
    LOCALADMIN HOST = (ALL) NOEXEC: ALL,!SUROOT,!VISUDO,!SHELL
    #
    ##==============================================================================
    ## End of sudoers file.
    ##==============================================================================

Is this an error in the rewritten parser or due to the introduction of #include functionality?
This was fixed in sudo 1.7.1