[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[augeas-devel] sudoers and requiretty



Hi all,

I've been struggling with this for a few days and can't find anything of note that would explain it.

The requiretty option in the sudoers lens doesn't seem to work:

# augtool --version
augtool 0.9.0 <http://augeas.net/>
Copyright (C) 2009-2010 David Lutterkort
License LGPLv2+: GNU LGPL version 2.1 or later
                 <http://www.gnu.org/licenses/lgpl-2.1.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David Lutterkort

# augtool
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate !
augtool> save
error: Failed to execute command
error: saving failed (run 'print /augeas//error' for details)
augtool> print /augeas//error
/augeas/files/etc/sudoers/error = "put_failed"
/augeas/files/etc/sudoers/error/path = "/files/etc/sudoers/Defaults/requiretty" /augeas/files/etc/sudoers/error/lens = "/usr/share/augeas/lenses/dist/sudoers.aug:289.29-290.54:" /augeas/files/etc/sudoers/error/message = "Failed to match \n { /negate/ }?\n with tree\n { \"negate\" = \"!\" }"
augtool>

If I use an empty string it works:

# augtool
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
augtool> set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate ""
augtool> save
Saved 1 file(s)

# grep requiretty /etc/sudoers
Defaults    requiretty
# changed in order to be able to use sudo without a tty. See requiretty above.
Defaults:nrpe !requiretty


Though doing this through puppet still doesn't work. The full file is:

class sudo-test {
# we need augeas to be able to modify the sudoers file but let custom changes stay.
    include augeas

    case $distro {
        default: {
            augeas{ "sudo-nrpe" :
                context => "/files/etc/sudoers",
                changes => [
                    "set \"spec[user='nrpe']/user\" nrpe",
                    "set \"spec[user='nrpe']/host_group/host\" ALL",
"set \"spec[user='nrpe']/host_group/command[1]\" /usr/local/sbin/tw_cli", "set \"spec[user='nrpe']/host_group/command[1]/tag\" NOPASSWD", "set \"spec[user='nrpe']/host_group/command[2]\" /opt/compaq/hpacucli/bld/hpacucli",
                    "set \"Defaults[type=':nrpe']/type\" :nrpe",
                    "set \"Defaults[type=':nrpe']/requiretty/negate\" !",
                ],
             }
        }
    }
}

Regardless of what I put in the last line (empty quotes, !, "!", '!' etc) I always get:

debug: Augeas[sudo-nrpe](provider=augeas): sending command 'set' with params ["/files/etc/sudoers/Defaults[type=':nrpe']/type", ":nrpe"] debug: Augeas[sudo-nrpe](provider=augeas): sending command 'set' with params ["/files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate", "!"] err: //Node[server]/sudo-test/Augeas[sudo-nrpe]/returns: change from need_to_run to 0 failed: Save failed with return code false

Any suggestions welcome (including pointers to bugs with this already addressed).

Thanks!
--
Postgresql & php tutorials
http://www.designmagick.com/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]