On Fri, Mar 20, 2009 at 2:26 PM, Frank Sweetser <fs wpi edu>
Robin Lee Powell wrote:Okay, now we're getting somewhere! I get a similar message with a different
> That means that augeas can't parse it. Look under
> "/augeas/files/etc/sudoers/" to see why, although I've gotta say
> that Augeas' parse errors are generally entirely unhelpful:
> augtool> ls /augeas/files/etc/sudoers/error/
> pos = 2587
> message = Short iteration
pos = 1848
augtool> ls /augeas/files/etc/sudoers/error/
message = Short iterationSometimes the old tools are still the best >
> It's the one thing I don't like about it. At least give me a line
> number. :(
[root trapeze etc]# dd if=/etc/sudoers bs=1 skip=1848 | head -10
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
If I remove the escapes and put it all on one line, everything works
perfectly, so I guess that the lens can't handle the multiline string.
That's right. I manage to get the lens to understand multiline configuration, but not multiline strings. The problem (from my understanding) lies in the fact that Augeas is not an imperative parser. Let me explain.
The official sudoers parser is imperative and removes "\\\n" before even trying to parse the file, so it doesn't even have to understand it.
The Augeas lens can't work this way, because it tries to parse the whole file as a big string and match it against a huge regexp which describes the sudoers format. The lens understands that "\\\n" can be used as a separator between fields, but it has no idea what to do with it inside fields.
I'm actually guessing that even something like
eep = "COLORS DISPLAY HOSTNAME"
might work with the official parser, while Augeas has absolutely no way (at least as it is today) to understand that "Def\\\naults" actually stands for a multiline "Defaults" entry.
Is this expected behaviour, or should I file a bug report?
As it is, it is the expected behaviour of the lens because I found no workaround for this. You could file a bug, although there is absolutely no garantee that I can fix this. In the best situation I can think of, I could add "\" and "\n" as authorized characters within value fields, so they would appear as such in the value.
Frank Sweetser fs at wpi.edu
| For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC