[augeas-devel] sudoers and requiretty
Chris
dmagick at gmail.com
Thu Dec 8 03:38:56 UTC 2011
Hi all,
I've been struggling with this for a few days and can't find anything of
note that would explain it.
The requiretty option in the sudoers lens doesn't seem to work:
# augtool --version
augtool 0.9.0 <http://augeas.net/>
Copyright (C) 2009-2010 David Lutterkort
License LGPLv2+: GNU LGPL version 2.1 or later
<http://www.gnu.org/licenses/lgpl-2.1.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by David Lutterkort
# augtool
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate !
augtool> save
error: Failed to execute command
error: saving failed (run 'print /augeas//error' for details)
augtool> print /augeas//error
/augeas/files/etc/sudoers/error = "put_failed"
/augeas/files/etc/sudoers/error/path =
"/files/etc/sudoers/Defaults/requiretty"
/augeas/files/etc/sudoers/error/lens =
"/usr/share/augeas/lenses/dist/sudoers.aug:289.29-290.54:"
/augeas/files/etc/sudoers/error/message = "Failed to match \n {
/negate/ }?\n with tree\n { \"negate\" = \"!\" }"
augtool>
If I use an empty string it works:
# augtool
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate ""
augtool> save
Saved 1 file(s)
# grep requiretty /etc/sudoers
Defaults requiretty
# changed in order to be able to use sudo without a tty. See requiretty
above.
Defaults:nrpe !requiretty
Though doing this through puppet still doesn't work. The full file is:
class sudo-test {
# we need augeas to be able to modify the sudoers file but let
custom changes stay.
include augeas
case $distro {
default: {
augeas{ "sudo-nrpe" :
context => "/files/etc/sudoers",
changes => [
"set \"spec[user='nrpe']/user\" nrpe",
"set \"spec[user='nrpe']/host_group/host\" ALL",
"set \"spec[user='nrpe']/host_group/command[1]\"
/usr/local/sbin/tw_cli",
"set
\"spec[user='nrpe']/host_group/command[1]/tag\" NOPASSWD",
"set \"spec[user='nrpe']/host_group/command[2]\"
/opt/compaq/hpacucli/bld/hpacucli",
"set \"Defaults[type=':nrpe']/type\" :nrpe",
"set \"Defaults[type=':nrpe']/requiretty/negate\" !",
],
}
}
}
}
Regardless of what I put in the last line (empty quotes, !, "!", '!'
etc) I always get:
debug: Augeas[sudo-nrpe](provider=augeas): sending command 'set' with
params ["/files/etc/sudoers/Defaults[type=':nrpe']/type", ":nrpe"]
debug: Augeas[sudo-nrpe](provider=augeas): sending command 'set' with
params ["/files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate", "!"]
err: //Node[server]/sudo-test/Augeas[sudo-nrpe]/returns: change from
need_to_run to 0 failed: Save failed with return code false
Any suggestions welcome (including pointers to bugs with this already
addressed).
Thanks!
--
Postgresql & php tutorials
http://www.designmagick.com/
More information about the augeas-devel
mailing list