[augeas-devel] sudoers lens not working

Raphaël Pinson raphink at gmail.com
Fri Mar 20 16:29:25 UTC 2009


On Fri, Mar 20, 2009 at 2:26 PM, Frank Sweetser <fs at wpi.edu> wrote:

> Robin Lee Powell wrote:
>
> > That means that augeas can't parse it.  Look under
> > "/augeas/files/etc/sudoers/" to see why, although I've gotta say
> > that Augeas' parse errors are generally entirely unhelpful:
> >
> > augtool> ls /augeas/files/etc/sudoers/error/
> > pos = 2587
> > message = Short iteration
>
> Okay, now we're getting somewhere!  I get a similar message with a
> different offset:
>
> augtool> ls /augeas/files/etc/sudoers/error/
> pos = 1848
> message = Short iteration
>
> > It's the one thing I don't like about it.  At least give me a line
> > number.  :(
>
> Sometimes the old tools are still the best ones =)
>
> [root at trapeze etc]# dd if=/etc/sudoers bs=1 skip=1848 | head -10
> Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
>                   LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
>                   LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
>                   LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
>                   LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
>                   _XKB_CHARSET XAUTHORITY"
>
> ## Next comes the main part: which users can run what software on
> ## which machines (the sudoers file can be shared between multiple
> ## systems).
>
> If I remove the escapes and put it all on one line, everything works
> perfectly, so I guess that the lens can't handle the multiline string.
>


That's right. I managed to get the lens to understand multiline
configuration, but not multiline strings. The problem (from my
understanding) lies in the fact that Augeas is not an imperative parser. Let
me explain.

The official sudoers parser is imperative and removes "\\\n" before even
trying to parse the file, so it doesn't even have to understand it.
The Augeas lens can't work this way, because it tries to parse the whole
file as a big string and match it against a huge regexp which describes the
sudoers format. The lens understands that "\\\n" can be used as a separator
between fields, but it has no idea what to do with it inside fields.

I'm actually guessing that even something like

Def\
aults  env_k\
eep = "COLORS DISPLAY HOSTNAME"

might work with the official parser, while Augeas has absolutely no way (at
least as it is today) to understand that "Def\\\naults" actually stands for
a multiline "Defaults" entry.


> Is this expected behaviour, or should I file a bug report?


As it is, it is the expected behaviour of the lens because I found no
workaround for this. You could file a bug, although there is absolutely no
guarantee that I can fix this. In the best situation I can think of, I could
add "\" and "\n" as authorized characters within value fields, so they would
appear as such in the value.



Raphaël
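
An added example, not part of the original message and not Augeas or sudo code: it turns the byte offset that Augeas reports in `pos` into a line and column, flags whether that entry is continued with a trailing backslash, and applies the backslash-newline removal described above. The function names and the sample input are constructed for illustration.

```python
# Constructed sample modelled on the fragment quoted in the thread (not a real sudoers file).
SAMPLE = (
    "## constructed sample\n"
    "Defaults    requiretty\n"
    'Defaults    env_keep = "COLORS DISPLAY HOSTNAME \\\n'
    "                  LANG LC_ALL \\\n"
    '                  XAUTHORITY"\n'
    "root    ALL=(ALL)       ALL\n"
).encode()


def locate(data: bytes, pos: int):
    """Translate a byte offset such as Augeas' error 'pos' into 1-based (line, column)."""
    if not 0 <= pos <= len(data):
        raise ValueError("pos lies outside the file")
    line = data.count(b"\n", 0, pos) + 1
    col = pos - data.rfind(b"\n", 0, pos)  # rfind returns -1 on the first line
    return line, col


def diagnose(data: bytes, pos: int) -> dict:
    """Report where pos falls and whether that entry is continued with a trailing backslash."""
    line, col = locate(data, pos)
    lines = data.split(b"\n")
    first = last = line - 1
    while first > 0 and lines[first - 1].endswith(b"\\"):
        first -= 1          # walk back to the first physical line of the entry
    while last < len(lines) - 1 and lines[last].endswith(b"\\"):
        last += 1           # walk forward to its last physical line
    return {"line": line, "col": col, "entry": (first + 1, last + 1), "continued": last > first}


def splice_continuations(data: bytes) -> bytes:
    """Delete each backslash-newline pair and nothing else, the pre-pass the message describes."""
    return data.replace(b"\\\n", b"")


if __name__ == "__main__":
    pos = SAMPLE.index(b"Defaults    env_keep")  # stands in for the reported offset
    print(diagnose(SAMPLE, pos))
    print(splice_continuations(SAMPLE).decode())
```

Work on a copy of the file, and check the spliced copy with `visudo -c -f` before it replaces the live sudoers.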





>
> --
> Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
> WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
>    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC