[sudo-users] alias conflicts in included files
Dempsey, Steve AZ
steve.az.dempsey at intel.com
Thu May 12 14:22:59 EDT 2011
We encountered a problem where an update to an included
file caused sudo to fail and become unusable - the same
Cmnd_Alias was defined in both places:

% sudo pwd
>>> /etc/sudo.d/sudoers.global: Alias `ROOTSH' already defined near line 280 <<<
sudo: parse error in /etc/sudo.d/sudoers.global near line 280
sudo: no valid sudoers sources found, quitting

This happened because the sudoers.global is shared by clients
that have different base sudoers files. It passed visudo on
one client and was syntactically correct without visibility
to the other client's conflicting local alias.

Included files are usually ignored when there is something bad
like a syntax error or the file is absent/unreadable.
Is this the intended failure mode?

The short term solution for us is to put some unique prefix
on any aliases defined in the global file to avoid collisions.
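
A pre-deployment check for the collision described above, as an added example that is not part of the original post: it reads one client's base sudoers together with the shared include and reports any alias defined more than once. The client file names, the sample contents and the function names are constructed for illustration, and keying duplicates on alias type plus name is an assumption.

```python
import re
from collections import defaultdict

ALIAS_LINE = re.compile(r"^\s*(User|Runas|Host|Cmnd)_Alias\s+(.*)$")
# An alias name opens the definition list or follows an unescaped ':'.
ALIAS_NAME = re.compile(r"(?:^|(?<!\\):)\s*([A-Z][A-Z0-9_]*)\s*=")

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations folded."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:          # file ended inside a continuation
        yield start, buf

def alias_defs(text):
    """Yield (kind, name, line_number) for each alias definition."""
    for num, line in logical_lines(text):
        m = ALIAS_LINE.match(line)
        if m:
            for name in ALIAS_NAME.findall(m.group(2)):
                yield m.group(1), name, num

def find_collisions(files):
    """files: {path: contents} as one client sees them, base file first.
    Returns {(kind, name): [(path, line), ...]} for aliases defined twice.
    Assumption: a redefinition means same alias type and same name."""
    seen = defaultdict(list)
    for path, text in files.items():
        for kind, name, num in alias_defs(text):
            seen[(kind, name)].append((path, num))
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample contents: one shared include, two different base files.
GLOBAL = "Cmnd_Alias ROOTSH = /bin/sh, \\\n    /bin/bash\nHost_Alias LAB = lab1 : FARM = farm1\n"
CLIENT_A = "User_Alias ADMINS = alice\n#include /etc/sudo.d/sudoers.global\n"
CLIENT_B = ("# local aliases\nCmnd_Alias SHELLS = /bin/csh : ROOTSH = /bin/su -\n"
            "#include /etc/sudo.d/sudoers.global\n")

if __name__ == "__main__":
    for client, base in (("clientA/sudoers", CLIENT_A), ("clientB/sudoers", CLIENT_B)):
        hits = find_collisions({client: base, "sudoers.global": GLOBAL})
        print(client, "->", hits or "no duplicate aliases")
```

Running it against every distinct base file before pushing the shared include catches the case where the include is clean on the client where it was edited but collides elsewhere.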