[augeas-devel] sudoers and requiretty

Chris dmagick at gmail.com
Thu Dec 8 03:38:56 UTC 2011 

Hi all,

I've been struggling with this for a few days and can't find anything of 
note that would explain it.

The requiretty option in the sudoers lens doesn't seem to work:

# augtool --version
augtool 0.9.0 <http://augeas.net/>
Copyright (C) 2009-2010 David Lutterkort
License LGPLv2+: GNU LGPL version 2.1 or later
                  <http://www.gnu.org/licenses/lgpl-2.1.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David Lutterkort

# augtool
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate !
augtool> save
error: Failed to execute command
error: saving failed (run 'print /augeas//error' for details)
augtool> print /augeas//error
/augeas/files/etc/sudoers/error = "put_failed"
/augeas/files/etc/sudoers/error/path = 
"/files/etc/sudoers/Defaults/requiretty"
/augeas/files/etc/sudoers/error/lens = 
"/usr/share/augeas/lenses/dist/sudoers.aug:289.29-290.54:"
/augeas/files/etc/sudoers/error/message = "Failed to match \n    { 
/negate/ }?\n  with tree\n    { \"negate\" = \"!\" }"
augtool>

If I use an empty string it works:

# augtool
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate ""
augtool> save
Saved 1 file(s)

# grep requiretty /etc/sudoers
Defaults    requiretty
# changed in order to be able to use sudo without a tty. See requiretty 
above.
Defaults:nrpe !requiretty


Though doing this through puppet still doesn't work. The full file is:

class sudo-test {
     # we need augeas to be able to modify the sudoers file but let 
custom changes stay.
     include augeas

     case $distro {
         default: {
             augeas{ "sudo-nrpe" :
                 context => "/files/etc/sudoers",
                 changes => [
                     "set \"spec[user='nrpe']/user\" nrpe",
                     "set \"spec[user='nrpe']/host_group/host\" ALL",
                     "set \"spec[user='nrpe']/host_group/command[1]\" 
/usr/local/sbin/tw_cli",
                     "set 
\"spec[user='nrpe']/host_group/command[1]/tag\" NOPASSWD",
                     "set \"spec[user='nrpe']/host_group/command[2]\" 
/opt/compaq/hpacucli/bld/hpacucli",
                     "set \"Defaults[type=':nrpe']/type\" :nrpe",
                     "set \"Defaults[type=':nrpe']/requiretty/negate\" !",
                 ],
              }
         }
     }
}

Regardless of what I put in the last line (empty quotes, !, "!", '!' 
etc) I always get:

debug: Augeas[sudo-nrpe](provider=augeas): sending command 'set' with 
params ["/files/etc/sudoers/Defaults[type=':nrpe']/type", ":nrpe"]
debug: Augeas[sudo-nrpe](provider=augeas): sending command 'set' with 
params ["/files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate", "!"]
err: //Node[server]/sudo-test/Augeas[sudo-nrpe]/returns: change from 
need_to_run to 0 failed: Save failed with return code false

Any suggestions welcome (including pointers to bugs with this already 
addressed).

Thanks!
-- 
Postgresql & php tutorials
http://www.designmagick.com/

More information about the augeas-devel mailing list