[Bug 1131704] Re: Sudo Cmnd_Alias doesn't seem to work in precise

[Gary Richards]

Oh, I also tried inlining the various above things into /etc/sudoers
directly with the same results.

Our /etc/sudoers is the default precise /etc/sudoers file.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1131704

Title:
  Sudo Cmnd_Alias doesn't seem to work in precise

Status in “sudo” package in Ubuntu:
  Confirmed

Bug description:
  We're in the process of migrating Lucid machines to Precise.

  We have some puppet code that drops this file into /etc/sudoers.d/50_puppet
  Cmnd_Alias PUPPET = /usr/sbin/puppetd, /usr/bin/puppet
  %sudo ALL = NOPASSWD: PUPPET

  This works on Lucid, but on Precise if we run visudo -c -s we get
  parse error in /etc/sudoers

  Manually playing around to see what works/doesn't work, remove the Cmnd_Alias and reference the commands directly
  %sudo ALL = NOPASSWD: /usr/sbin/puppetd, /usr/bin/puppet
  ^^ Works

  Adding the command alias back in and trying each of these:
  %sudo ALL = (ALL) NOPASSWD: PUPPET
  %sudo ALL = (ALL:ALL) NOPASSWD: PUPPET
  %sudo ALL = (root) NOPASSWD: PUPPET
  root ALL = NOPASSWD: PUPPET
  ^^ All generate the same parse error.

  Oddly enough, if we do this:
  Cmnd_Alias BLAH = /usr/sbin/puppetd, /usr/bin/puppet
  %sudo ALL = NOPASSWD: PUPPET
  We get:
  visudo: Warning: Cmnd_Alias `PUPPET' referenced but not defined
  visudo: Error: unused Cmnd_Alias BLAH
  parse error in /etc/sudoers

  Which suggests in our default form, it can see that the PUPPET
  Cmnd_Alias exists. And know's we're referencing that COMMAND alias.
  But it just doesn't seem to work.

  I think this is a bug with sudo in precise.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1131704/+subscriptions