Red Hat Bugzilla – Bug 580438
Regression: sudoers parsing fails with Defaults_Type target including "!user"
Last modified: 2011-01-13 18:07:54 EST
Description of problem:
When using a "!user" in User_List in a Default_Type, sudo and visudo fail parsing sudoers.
Version-Release number of selected component (if applicable):
Bug does appear in sudo-1.7.2p1-5.el5 (as in RHEL5.5),
does not appear in sudo-1.6.9p17-5.el5 (as in RHEL5.4).
Steps to Reproduce:
1. Add in sudoers:
2. Execute as any user:
$ sudo ls
3. Replace lines from step 1 in sudoers by:
4. Repeat step 2.
First alternative is accepted, second fails with the following error:
>>> /etc/sudoers: syntax error near line 62 <<<
sudo: parse error in /etc/sudoers near line 64
sudo: no valid sudoers sources found, quitting
Both alternatives should be accepted.
This situation is compatible with the sudoers grammar, as defined in the manpage. Extract:
Default_Type ::= 'Defaults' |
                 'Defaults' '@' Host_List |
                 'Defaults' ':' User_List |
                 'Defaults' '!' Cmnd_List |
                 'Defaults' '>' Runas_List

User_List ::= User |
              User ',' User_List

User ::= '!'* username |
         '!'* '#'uid |
         '!'* '%'group |
         '!'* '+'netgroup |
         '!'* '%:'nonunix_group |
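
An added example, not part of the original report or of sudo's own code: a small recognizer for the 'Defaults' ':' User_List form from the grammar extract above. It lists the lines of a sudoers text that carry a '!' entry in that list, the form this report says fails to parse on sudo-1.7.2p1-5.el5. The sample lines, the character set allowed in names and the helper names are assumptions.

```python
import re

# Assumption: the extract does not define its terminals, so names are
# restricted to a conservative character set here.
NAME = r"[A-Za-z_][A-Za-z0-9_.-]*"
KINDS = ("uid", "nonunix_group", "group", "netgroup", "username")
# User ::= '!'* username | '!'* '#'uid | '!'* '%'group | '!'* '+'netgroup | '!'* '%:'nonunix_group
USER_RE = re.compile(
    r"(?P<bangs>!*)(?:#(?P<uid>\d+)|%:(?P<nonunix_group>{n})|%(?P<group>{n})"
    r"|\+(?P<netgroup>{n})|(?P<username>{n}))".format(n=NAME))
COMMA_RE = re.compile(r"\s*,\s*")

def parse_user_defaults(line):
    """Parse "Defaults:User_List ..." -> [(bang_count, kind, name)]; None for other lines."""
    if not line.startswith("Defaults:"):
        return None
    pos, users = len("Defaults:"), []
    while True:
        m = USER_RE.match(line, pos)
        if m is None:
            raise ValueError("no User at column %d in %r" % (pos, line))
        kind = next(k for k in KINDS if m.group(k) is not None)
        users.append((len(m.group("bangs")), kind, m.group(kind)))
        sep = COMMA_RE.match(line, m.end())  # User ',' User_List
        if sep is None:
            return users  # anything after the list is the parameter part
        pos = sep.end()

def flag_negated(sudoers_text):
    """Return (line_number, line) for each Defaults:User_List line with a '!' entry."""
    hits = []
    for number, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        users = parse_user_defaults(line)
        if users and any(bangs for bangs, _, _ in users):
            hits.append((number, line))
    return hits

# Constructed sample; these are not the lines from the report.
SAMPLE = """\
# constructed sample
Defaults env_reset
Defaults:alice !requiretty
Defaults:!bob !requiretty
Defaults:%wheel, !#1001, +ops  !lecture
Defaults@host1 !lecture
"""

if __name__ == "__main__":
    for number, line in flag_negated(SAMPLE):
        print("line %d uses a negated User: %s" % (number, line))
```

A '!' in front of a parameter (as in the "alice" line) is not part of the User_List and is not flagged; line continuations and aliases are not handled.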
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Due to an incorrect definition of a lexical analyzer rule, using a negated user-specific "Defaults" directive failed with a parse error. With this update, such directives are now parsed as expected.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.