[sudo-users] Cmd_Alias conflict in include file

Bram Mertens mertensb.mazda at gmail.com
Tue Sep 11 05:15:40 EDT 2012


Hi,

I'm trying to set up something similar to the following from the
manual at http://www.gratisoft.us/sudo/sudoers.man.html.

 Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
                         /usr/local/bin/tcsh, /usr/bin/rsh, \
                         /usr/local/bin/zsh
 Cmnd_Alias     SU = /usr/bin/su

 jill           SERVERS = /usr/bin/, !SU, !SHELLS

For any machine in the SERVERS Host_Alias, jill may run any commands
in the directory /usr/bin except for those commands belonging to the
SU and SHELLS Cmnd_Aliases.

This works fine when I define this in /etc/sudoers but it fails when I
enter this in our /etc/sudoers.d/mazda file

[mertensb at localhost ~]$ sudo -l
>>> /etc/sudoers.d/mazda: Alias `SUCMD' already defined near line 5 <<<
sudo: parse error in /etc/sudoers.d/mazda near line 5
sudo: no valid sudoers sources found, quitting

I started with an alias SU but renamed it to SUCMD even though I
cannot find any conflict.

This works:
[root at localhost ~]# grep SUCMD /etc/sudoers* /etc/sudoers*/*
/etc/sudoers:Cmnd_Alias     SUCMD = /usr/bin/su
/etc/sudoers:%isop   ALL=(ALL) /usr/bin/, !SUCMD
/etc/sudoers.d/mazda:#Cmnd_Alias     SUCMD = /usr/bin/su
/etc/sudoers.d/mazda:#%isop   ALL=(ALL) /usr/bin/, !SUCMD

This fails:
[root at localhost ~]# grep SUCMD /etc/sudoers* /etc/sudoers*/*
/etc/sudoers:#Cmnd_Alias     SUCMD = /usr/bin/su
/etc/sudoers:#%isop   ALL=(ALL) /usr/bin/, !SUCMD
/etc/sudoers.d/mazda:Cmnd_Alias     SUCMD = /usr/bin/su
/etc/sudoers.d/mazda:%isop   ALL=(ALL) /usr/bin/, !SUCMD

[mertensb at localhost ~]$ sudo -l
>>> /etc/sudoers.d/mazda: Alias `SUCMD' already defined near line 5 <<<
sudo: parse error in /etc/sudoers.d/mazda near line 5
sudo: no valid sudoers sources found, quitting

Why can I not configure this in an include file?

[mertensb at localhost ~]$ sudo -V
Sudo version 1.7.4p5

This is on RHEL6.2

Regards

Bram Mertens



More information about the sudo-users mailing list