some questions/observations about sudo
Robert P. J. Day
rpjday at mindspring.com
Mon Sep 22 04:46:58 EDT 2003
a couple questions about sudo, and some comments on the man page for
sudoers, which could be fixed to make it a bit clearer. (my version
is sudo-1.6.7p5-2 under the latest red hat beta).
man page (very top)
"The sudoers file is composed of two types of entries: aliases (basically
variables) and user specifications (which specify who may run
not really, it also contains the "Defaults" entries, no? those
don't seem to qualify as either of these two categories.
    User_List ::= User |
                  User , User_List
    User ::= '!'* username |
             '!'* '%'group |
             '!'* '+'netgroup |
A User_List is made up of one or more usernames, uids (prefixed
with # .....
a couple observations. first, the EBNF for a User_List could just
as easily have been written as
User_List ::= User (, User)*
which would seem to be simpler and more obvious. in fact, a later
production in the same man page uses this format.
second observation is that the rule doesn't mention the #UIDs, which
are referred to immediately below. (just below that, the Runas_User
rule claims that it differs from a User in that it supports #UIDs. so
there's definitely some confusion here.)
man page : Defaults
the rules for Default_Type, Default_Entry and Parameter do not define
the "Parameter_List" rule.
also, it would be useful to have more examples of parameters and
parameter lists. for instance, there isn't a single example of how to
use the += and -= operators for lists, which would be *really* handy,
as i'm still not sure what i'd do with those operators. a single example
would go a long way to clearing that up.
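
The list operators asked about in the message above, shown as an added example that is not part of the original post or of the sudoers man page. The variable names and the user "alice" are constructed for illustration; env_keep and env_delete are list parameters, and Defaults entries are applied in the order they appear.

```sudoers
# Constructed sudoers fragment (illustrative values, not from the post).

# "=" replaces the whole list.
Defaults env_keep = "LANG LC_ALL TERM"

# "+=" appends to the current list.
# env_keep is now: LANG LC_ALL TERM DISPLAY XAUTHORITY
Defaults env_keep += "DISPLAY XAUTHORITY"

# "-=" removes the named values and leaves the rest.
# env_keep is now: LANG TERM DISPLAY XAUTHORITY
# Removing a value that is not in the list is not an error.
Defaults env_keep -= "LC_ALL"

# The operators also work in a per-user Defaults entry:
# strip two more variables from the environment, for alice only.
Defaults:alice env_delete += "PERL5LIB PYTHONPATH"
```

Using += and -= instead of = keeps the built-in default list intact and changes only the named entries, so later edits do not silently drop variables that were being removed or preserved before.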