[sudo-users] Cmd_Alias conflict in include file
Stier, Matthew
Matthew.Stier at us.fujitsu.com
Tue Sep 11 06:51:53 EDT 2012
Strange, but the output of the grep for "works" and "fails" appears to be identical.
-----Original Message-----
From: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Bram Mertens
Sent: Tuesday, September 11, 2012 5:16 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] Cmd_Alias conflict in include file
Hi,
I'm trying to set up something similar to the following from the
manual at http://www.gratisoft.us/sudo/sudoers.man.html.
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
jill SERVERS = /usr/bin/, !SU, !SHELLS
For any machine in the SERVERS Host_Alias, jill may run any commands
in the directory /usr/bin except for those commands belonging to the
SU and SHELLS Cmnd_Aliases.
This works fine when I define this in /etc/sudoers but it fails when I
enter this in our /etc/sudoers.d/mazda file
[mertensb at localhost ~]$ sudo -l
>>> /etc/sudoers.d/mazda: Alias `SUCMD' already defined near line 5 <<<
sudo: parse error in /etc/sudoers.d/mazda near line 5
sudo: no valid sudoers sources found, quitting
I started with an alias SU but renamed it to SUCMD even though I
cannot find any conflict.
This works:
[root at localhost ~]# grep SUCMD /etc/sudoers* /etc/sudoers*/*
/etc/sudoers:Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers:%isop ALL=(ALL) /usr/bin/, !SUCMD
/etc/sudoers.d/mazda:#Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers.d/mazda:#%isop ALL=(ALL) /usr/bin/, !SUCMD
This fails:
[root at localhost ~]# grep SUCMD /etc/sudoers* /etc/sudoers*/*
/etc/sudoers:#Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers:#%isop ALL=(ALL) /usr/bin/, !SUCMD
/etc/sudoers.d/mazda:Cmnd_Alias SUCMD = /usr/bin/su
/etc/sudoers.d/mazda:%isop ALL=(ALL) /usr/bin/, !SUCMD
[mertensb at localhost ~]$ sudo -l
>>> /etc/sudoers.d/mazda: Alias `SUCMD' already defined near line 5 <<<
sudo: parse error in /etc/sudoers.d/mazda near line 5
sudo: no valid sudoers sources found, quitting
Why can I not configure this in an include file?
[mertensb at localhost ~]$ sudo -V
Sudo version 1.7.4p5
This is on RHEL6.2
Regards
Bram Mertens
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list