[Bug 1131704] [NEW] Sudo Cmnd_Alias doesn't seem to work in precise

Gary Richards gary_launchpad at dsnine.co.uk
Fri Feb 22 11:43:40 UTC 2013 

Public bug reported:

We're in the process of migrating Lucid machines to Precise.

We have some puppet code that drops this file into /etc/sudoers.d/50_puppet
Cmnd_Alias PUPPET = /usr/sbin/puppetd, /usr/bin/puppet
%sudo ALL = NOPASSWD: PUPPET

This works on Lucid, but on Precise if we run visudo -c -s we get
parse error in /etc/sudoers

Manually playing around to see what works/doesn't work, remove the Cmnd_Alias and reference the commands directly
%sudo ALL = NOPASSWD: /usr/sbin/puppetd, /usr/bin/puppet
^^ Works

Adding the command alias back in and trying each of these:
%sudo ALL = (ALL) NOPASSWD: PUPPET
%sudo ALL = (ALL:ALL) NOPASSWD: PUPPET
%sudo ALL = (root) NOPASSWD: PUPPET
root ALL = NOPASSWD: PUPPET
^^ All generate the same parse error.

Oddly enough, if we do this:
Cmnd_Alias BLAH = /usr/sbin/puppetd, /usr/bin/puppet
%sudo ALL = NOPASSWD: PUPPET
We get:
visudo: Warning: Cmnd_Alias `PUPPET' referenced but not defined
visudo: Error: unused Cmnd_Alias BLAH
parse error in /etc/sudoers

Which suggests in our default form, it can see that the PUPPET
Cmnd_Alias exists. And know's we're referencing that COMMAND alias. But
it just doesn't seem to work.

I think this is a bug with sudo in precise.

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1131704

Title:
  Sudo Cmnd_Alias doesn't seem to work in precise

Status in “sudo” package in Ubuntu:
  New

Bug description:
  We're in the process of migrating Lucid machines to Precise.

  We have some puppet code that drops this file into /etc/sudoers.d/50_puppet
  Cmnd_Alias PUPPET = /usr/sbin/puppetd, /usr/bin/puppet
  %sudo ALL = NOPASSWD: PUPPET

  This works on Lucid, but on Precise if we run visudo -c -s we get
  parse error in /etc/sudoers

  Manually playing around to see what works/doesn't work, remove the Cmnd_Alias and reference the commands directly
  %sudo ALL = NOPASSWD: /usr/sbin/puppetd, /usr/bin/puppet
  ^^ Works

  Adding the command alias back in and trying each of these:
  %sudo ALL = (ALL) NOPASSWD: PUPPET
  %sudo ALL = (ALL:ALL) NOPASSWD: PUPPET
  %sudo ALL = (root) NOPASSWD: PUPPET
  root ALL = NOPASSWD: PUPPET
  ^^ All generate the same parse error.

  Oddly enough, if we do this:
  Cmnd_Alias BLAH = /usr/sbin/puppetd, /usr/bin/puppet
  %sudo ALL = NOPASSWD: PUPPET
  We get:
  visudo: Warning: Cmnd_Alias `PUPPET' referenced but not defined
  visudo: Error: unused Cmnd_Alias BLAH
  parse error in /etc/sudoers

  Which suggests in our default form, it can see that the PUPPET
  Cmnd_Alias exists. And know's we're referencing that COMMAND alias.
  But it just doesn't seem to work.

  I think this is a bug with sudo in precise.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1131704/+subscriptions

More information about the foundations-bugs mailing list