[augeas-devel] sudoers and requiretty

Raphaël Pinson raphink at gmail.com
Thu Dec 8 22:45:08 UTC 2011 

On Thu, Dec 8, 2011 at 11:35 PM, Chris <dmagick at gmail.com> wrote:
> On 08/12/11 20:06, Michael Chapman wrote:
>>
>> On Thu, 8 Dec 2011, Chris wrote:
>>>
>>> If I use an empty string it works:
>>>
>>> # augtool
>>> augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
>>> augtool> set
>>> /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate ""
>>> augtool> save
>>> Saved 1 file(s)
>>
>>
>> Hi Chris,
>>
>> The "requiretty" tree node can also be created with an explicitly null
>> value:
>>
>> augtool> clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
>>
>> At the moment Augeas doesn't treat an empty string and a null value any
>> differently, though it's probably a good idea if you try to keep them
>> separate.
>>
>> This "clear" command should be able to be used directly in your Puppet
>> manifest.
>
>
> That worked, thanks!
>
> Any idea when that change happened? (I've been looking, but I haven't been
> able to find it).
>
> We've got an older version on centos5 machines (so old augtool doesn't have
> a --version option) and the old syntax was working:
>
> # augtool --version
> augtool: unrecognized option `--version'
>
> # rpm -qi augeas
> Name        : augeas                       Relocations: (not relocatable)
> Version     : 0.5.0                             Vendor: (none)
>
>
> # augtool
> augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
> augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate !
>
> augtool> save
> Saved 1 file(s)
> augtool>
>
>
> # grep requiretty /etc/sudoers
> Defaults    requiretty
> # changed in order to be able to use sudo without a tty. See requiretty
> above.
> Defaults:nrpe !requiretty


0.5.0 was released on the 25th of March, 2009, in the morning.

The very same day, several changes were made to sudoers.aug involving
the negate node:


commit 468976635238ce814d954b7d44df3b7b41121f87
Author: David Lutterkort <lutter at redhat.com>
Date:   Wed Mar 25 12:21:44 2009 -0700

    Sudoers: produce at most one negate node

    Even if there are multiple '!' signs, only produce one negate node.

commit c35ad5aef2069b39472e209c8700e13706bef8fe
Author: Raphael Pinson <raphink at gmail.com>
Date:   Wed Mar 25 09:36:01 2009 -0700

    Sudoers: fix ticket #48

    * make a difference between boolean and non boolean values for integers and
      strings
    * allow multiple negate flags (odd/even numbers change the behaviour)
    * add optional double quotes to integer and string field

    Bug reported by Frank Sweetser


In fact, this one _introduced_ the negate flag, which should then have
been absent from 0.5.0 as far as I can tell.


Raphaël

More information about the augeas-devel mailing list