Bug 580438 - Regression: sudoers parsing fails with Defaults_Type target including "!user"
Summary: Regression: sudoers parsing fails with Defaults_Type target including "!user"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo
Version: 5.5
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Assignee: Daniel Kopeček
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-04-08 09:41 UTC by Pierre Carrier
Modified: 2011-01-13 23:07 UTC

Fixed In Version: sudo-1.7.2p1-10.el5
Doc Type: Bug Fix
Doc Text:
Due to an incorrect definition of a lexical analyzer rule, using a negated user-specific "Defaults" directive failed with a parse error. With this update, such directives are now parsed as expected.
Clone Of:
Environment:
Last Closed: 2011-01-13 23:07:54 UTC
Target Upstream Version:
Embargoed:


Links
System: Red Hat Product Errata
ID: RHBA-2011:0079
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: sudo bug fix update
Last Updated: 2011-01-12 17:21:55 UTC

Description Pierre Carrier 2010-04-08 09:41:20 UTC
Description of problem:

When using a "!user" in User_List in a Default_Type, sudo and visudo fail parsing sudoers.


Version-Release number of selected component (if applicable):

Bug does appear in sudo-1.7.2p1-5.el5 (as in RHEL5.5),
does not appear in sudo-1.6.9p17-5.el5 (as in RHEL5.4).


How reproducible:

Anywhere anytime.


Steps to Reproduce:

1. Add in sudoers:

Defaults: requiretty
Defaults:user !requiretty

2. Execute as any user:

$ sudo ls

3. Replace lines from step 1 in sudoers by:

Defaults:!user requiretty

4. Repeat step 2.


Actual results:

First alternative is accepted, second fails with the following error:

>>> /etc/sudoers: syntax error near line 62 <<<
sudo: parse error in /etc/sudoers near line 64
sudo: no valid sudoers sources found, quitting


Expected results:

Both alternatives should be accepted.


Additional info:

This situation is compatible with the sudoers grammar, as defined in the manpage. Extract:

        Default_Type ::= 'Defaults' |
                         'Defaults' '@' Host_List |
                         'Defaults' ':' User_List |
                         'Defaults' '!' Cmnd_List |
                         'Defaults' '>' Runas_List

        User_List ::= User |
                      User ',' User_List

        User ::= '!'* username |
                 '!'* '#'uid |
                 '!'* '%'group |
                 '!'* '+'netgroup |
                 '!'* '%:'nonunix_group |
                 '!'* User_Alias
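
Added example, not part of the original report and not sudo's own parser: a small Python recognizer for the Default_Type and User productions quoted above, showing that "Defaults:!user" is well-formed under that grammar. The function names, the simplified name character set and the "Defaults!/bin/ls noexec" sample line are assumptions made for illustration.

```python
import re

# Binding characters from the Default_Type production quoted above.
BINDINGS = {"@": "Host_List", ":": "User_List", "!": "Cmnd_List", ">": "Runas_List"}
# Prefixes from the User production; no prefix means username or User_Alias.
KINDS = {None: "username_or_alias", "#": "uid", "%": "group",
         "+": "netgroup", "%:": "nonunix_group"}
# Assumption: names are restricted to [A-Za-z0-9_.-]; quoting and escapes
# that real sudoers files allow are not handled.
USER_RE = re.compile(r"(!*)(%:|[#%+])?([A-Za-z0-9_.-]+)")


def parse_user(token):
    """Parse one User: '!'* followed by a name, #uid, %group, +netgroup or %:group."""
    m = USER_RE.fullmatch(token)
    if m is None:
        raise ValueError(f"not a valid User: {token!r}")
    bangs, prefix, name = m.groups()
    if prefix == "#" and not name.isdigit():
        raise ValueError(f"uid must be numeric: {token!r}")
    # '!'* allows repeated negation; an even count cancels out.
    return {"negated": len(bangs) % 2 == 1, "kind": KINDS[prefix], "name": name}


def parse_defaults_target(line):
    """Return (list_type, members) for the target of one Defaults line.

    Assumption: the target list contains no whitespace, so it ends at the
    first blank. Only User_List members are parsed further.
    """
    head = line.split(None, 1)[0]
    if not head.startswith("Defaults"):
        raise ValueError("not a Defaults line")
    rest = head[len("Defaults"):]
    if not rest:
        return "global", []
    if rest[0] not in BINDINGS:
        raise ValueError(f"unknown binding character: {rest[0]!r}")
    list_type, members = BINDINGS[rest[0]], rest[1:].split(",")
    if list_type == "User_List":
        # Here '!' is negation, not the Cmnd_List binding character.
        members = [parse_user(tok) for tok in members]
    return list_type, members


if __name__ == "__main__":
    # The first two lines are from the report; the third is a constructed sample.
    for sample in ("Defaults:user !requiretty", "Defaults:!user requiretty",
                   "Defaults!/bin/ls noexec"):
        print(sample, "->", parse_defaults_target(sample))
```

The same character '!' is the Cmnd_List binding directly after "Defaults" and a negation prefix inside a User_List, so the position in the line decides its meaning.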

Comment 7 Jaromir Hradilek 2010-11-29 12:55:33 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Due to an incorrect definition of a lexical analyzer rule, using a negated user-specific "Defaults" directive failed with a parse error. With this update, such directives are now parsed as expected.

Comment 9 errata-xmlrpc 2011-01-13 23:07:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0079.html

