[sudo-workers] Meaning of sudoers_locale option

Todd C. Miller Todd.Miller at courtesan.com
Wed Jul 20 14:27:56 MDT 2016 

On Mon, 04 Jul 2016 11:02:43 -0400, Tomas Sykora wrote:

> I was working on this problem: https://bugzilla.sudo.ws/show_bug.cgi?id=748
> 
> The fix seems OK, but I noticed that the option sudoers_locale
> probably does not work as described in man pages: Locale to use
> when parsing the sudoe rs file, logging commands, and sending email.
> Note that changing the locale may affect how sudoers is interpreted.
> Defaults to "C".
>
> When these default values are used in sudoers file:
> Defaults    sudoers_locale = cs_CZ.UTF-8
> Defaults    passwd_timeout = 0,1
> 
> sudo returns this error:
> >>> /etc/sudoers: syntax error near line 58 <<<
> sudo: parse error in /etc/sudoers near line 58
> sudo: no valid sudoers sources found, quitting
> sudo: unable to initialize policy plugin

Because sudo uses commas in the sudoers grammar itself you'll need
to quote them, e.g.:

Defaults    passwd_timeout = "0,1"

> When I set 'cs_CZ.UTF-8' locale to parse the file, '1,0' should be
> a valid value.  The problem seems to be in a grammar which is used
> by the parser, I'm not sure if I am free to change it.
>
> Another question is that if '1,0' even passed through the parser,
> the position of
>
> 'Defaults    sudoers_locale = cs_CZ.UTF-8' in the sudoers file must
> matter, because Defaults are loaded from the top to the bottom of the
> file, so :
> 
> Defaults    sudoers_locale = cs_CZ.UTF-8
> Defaults    passwd_timeout = 0,1
> 
> theoretically would pass but :
> 
> Defaults    passwd_timeout = 0,1
> Defaults    sudoers_locale = cs_CZ.UTF-8
> 
> would not. Shouldn't it be mentioned in the documentation that the
> position of 'sudoers_locale' matters or even that it must be placed
> to the beginning of the sudoers file so as it would behave according
> to the man pages description mentioned above? I wasn't sure about
> it, that's why I'm asking.

I recently committed changes to set the locale before parsing other
Defaults settings.  See https://www.sudo.ws/repos/sudo/rev/32062737a1ae
as well as the follow-up commits.  With sudo trunk I am able to use:

Defaults    passwd_timeout = 0,1
Defaults    sudoers_locale = cs_CZ.UTF-8

and it behaves as expected.  There are still some locale issues to
be fixed for sudo 1.8.18 though.

 - todd

More information about the sudo-workers mailing list