[augeas-devel] augeas: master - Sudoers: allow certain backslash-quoted characters in a command
David Lutterkort
lutter at fedoraproject.org
Thu Sep 17 19:08:01 UTC 2009
Gitweb: http://git.fedorahosted.org/git/augeas.git?p=augeas.git;a=commitdiff;h=5da91b6f0511db5107c643bf7863701d66b75cab
Commit: 5da91b6f0511db5107c643bf7863701d66b75cab
Parent: 2c83b509e79f3e859bbba7909e3e3769e1285164
Author: Matt Palmer <mpalmer at hezmatt.org>
AuthorDate: Thu Sep 17 12:05:19 2009 -0700
Committer: David Lutterkort <lutter at redhat.com>
CommitterDate: Thu Sep 17 12:05:19 2009 -0700
Sudoers: allow certain backslash-quoted characters in a command
Commands may contain backslashes by themselves and the two-char sequences
\\[=:,\\]
---
lenses/sudoers.aug | 6 ++----
lenses/tests/test_sudoers.aug | 13 +++++++++++++
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/lenses/sudoers.aug b/lenses/sudoers.aug
index f3d34c9..69d38ef 100644
--- a/lenses/sudoers.aug
+++ b/lenses/sudoers.aug
@@ -82,10 +82,8 @@ let sep_dquote = Util.del_str "\""
(* Group: Stores *)
(* Variable: sto_to_com_cmnd
-sto_to_com_cmnd does not begin or end with a space
-
-There could be a \ in the middle of a command *)
-let sto_to_com_cmnd = store /([^,=:#() \t\n\\\\][^,=:#()\n]*[^,=:#() \t\n\\\\])|[^,=:#() \t\n\\\\]/
+sto_to_com_cmnd does not begin or end with a space *)
+let sto_to_com_cmnd = store /([^,=:#() \t\n\\\\]([^,=:#()\n\\\\]|\\\\[=:,\\\\])*[^,=:#() \t\n\\\\])|[^,=:#() \t\n\\\\]/
(* Variable: sto_to_com
diff --git a/lenses/tests/test_sudoers.aug b/lenses/tests/test_sudoers.aug
index 561de85..ce61827 100644
--- a/lenses/tests/test_sudoers.aug
+++ b/lenses/tests/test_sudoers.aug
@@ -37,6 +37,8 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
localhost = NOPASSWD: /usr/bin/test
+secretaries ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+someuser ALL=(root) NOPASSWD: /usr/bin/python /usr/local/sbin/filterlog -iu\\=www /var/log/something.log
"
test Sudoers.lns get conf =
@@ -131,6 +133,17 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
{ "host" = "ALPHA" }
{ "command" = "/usr/bin/su [!-]*" }
{ "command" = "!/usr/bin/su *root*" } } }
+ {}
+ { "spec"
+ { "user" = "someuser" }
+ { "host_group"
+ { "host" = "ALL" }
+ { "command" = "/usr/bin/python /usr/local/sbin/filterlog -iu\\=www /var/log/something.log"
+ { "runas_user" = "root" }
+ { "tag" = "NOPASSWD" }
+ }
+ }
+ }
test Sudoers.parameter_integer_bool
put "umask = 022"
More information about the augeas-devel
mailing list