[sudo-users] Parsing the sudoers file
Tim Bradshaw
tfb at tfeb.org
Tue Sep 17 05:33:13 MDT 2013
On 17 Sep 2013, at 02:21, Matthew Hannigan wrote:
> Try Augeas:
>
> http://augeas.net/docs/references/lenses/files/sudoers-aug.html
>
> I see a few bugs pop up from time to time on the augeas mailing list,
> but I think it's pretty solid.

Thanks for this. I spent some time last night realising there were a lot of edge cases that I did not know how to deal with at all, mostly around continuation lines and comments. As far as I can see augeas *also* doesn't really know how to deal with these, which reassures me that they are genuinely hard.

Unfortunately you can persuade augeas to generate syntactically illegal files: if you take a file which contains a comment like

    #this is a comment

and replace the comment string in augtool by, say, "1234", then it will happily dump a file containing "#1234" which sudo will puke at. This *doesn't* work if you insert a new comment, because it is careful to put a space between the hash and the comment. There seems to be no way (based on pretty minimal playing with it, so I could easily be wrong) of telling from within augtool whether the comment you are looking at has a leading space: both comment strings are the same.

I should probably report this to the augeas people.
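
The "#1234" case from the message above, as an added example that is not part of the original post and is not augeas or sudo code: a check for '#' lines in tool-generated sudoers text that sudo will not read as comments, plus a comment writer that always emits the separating space. It assumes the sudoers manual's rules that '#' followed by digits is a uid and that '#include' / '#includedir' are directives; the function names and sample text are constructed for illustration.

```python
import re

# Assumption (sudoers manual): "#<digits>" is a uid, not a comment.
_UID_LIKE = re.compile(r"#\d")
# Assumption: include directives are "#include" / "#includedir" followed by a blank.
_DIRECTIVE = re.compile(r"#include(dir)?[ \t]")


def classify_hash_line(line):
    """Return 'comment', 'uid' or 'include' for a '#' line, None for any other line."""
    stripped = line.lstrip()
    if not stripped.startswith("#"):
        return None
    if _UID_LIKE.match(stripped):
        return "uid"
    if _DIRECTIVE.match(stripped):
        return "include"
    return "comment"


def render_comment(text):
    """Build a comment line that cannot be mistaken for a uid or a directive."""
    if "\n" in text or "\r" in text:
        raise ValueError("comment text must be a single line")
    # A trailing backslash is the sudoers line-continuation character; it is
    # refused here rather than guessing how it interacts with a comment.
    if text.rstrip().endswith("\\"):
        raise ValueError("comment text must not end in a backslash")
    return "# " + text.strip()


def audit(sudoers_text):
    """List (line_number, kind, line) for '#' lines that are not plain comments."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), start=1):
        kind = classify_hash_line(raw)
        if kind in ("uid", "include"):
            findings.append((lineno, kind, raw))
    return findings


# Constructed sample: line 2 is the rewritten comment described in the message.
SAMPLE = "#this is a comment\n#1234\n# 1234\n#includedir /etc/sudoers.d\nroot ALL=(ALL) ALL\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Lines reported as 'include' may be intentional and need a human look; `visudo -c -f <file>` remains the authoritative syntax check before a generated file is installed.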