[sudo-users] Cmd_Alias conflict in include file
Bram Mertens
mertensb.mazda at gmail.com
Tue Sep 11 05:15:40 EDT 2012
Hi,
I'm trying to set up something similar to the following from the
manual at http://www.gratisoft.us/sudo/sudoers.man.html.
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
jill SERVERS = /usr/bin/, !SU, !SHELLS
For any machine in the SERVERS Host_Alias, jill may run any commands
in the directory /usr/bin except for those commands belonging to the
SU and SHELLS Cmnd_Aliases.
This works fine when I define this in /etc/sudoers but it fails when I
enter this in our /etc/sudoers.d/mazda file
[mertensb at localhost ~]$ sudo -l
>>> /etc/sudoers.d/mazda: Alias `SUCMD' already defined near line 5 <<<
sudo: parse error in /etc/sudoers.d/mazda near line 5
sudo: no valid sudoers sources found, quitting
I started with an alias SU but renamed it to SUCMD even though I
cannot find any conflict.
This works:
[root at localhost ~]# grep SUCMD /etc/sudoers* /etc/sudoers*/*
/etc/sudoers:Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers:%isop ALL=(ALL) /usr/bin/, !SUCMD
/etc/sudoers.d/mazda:#Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers.d/mazda:#%isop ALL=(ALL) /usr/bin/, !SUCMD
This fails:
[root at localhost ~]# grep SUCMD /etc/sudoers* /etc/sudoers*/*
/etc/sudoers:#Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers:#%isop ALL=(ALL) /usr/bin/, !SUCMD
/etc/sudoers.d/mazda:Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers.d/mazda:%isop ALL=(ALL) /usr/bin/, !SUCMD
[mertensb at localhost ~]$ sudo -l
>>> /etc/sudoers.d/mazda: Alias `SUCMD' already defined near line 5 <<<
sudo: parse error in /etc/sudoers.d/mazda near line 5
sudo: no valid sudoers sources found, quitting
Why can I not configure this in an include file?
[mertensb at localhost ~]$ sudo -V
Sudo version 1.7.4p5
This is on RHEL6.2
Regards
Bram Mertens
More information about the sudo-users
mailing list