[augeas-devel] sudoers and requiretty

Chris dmagick at gmail.com
Thu Dec 8 23:30:07 UTC 2011 

On 09/12/11 09:45, Raphaël Pinson wrote:
> On Thu, Dec 8, 2011 at 11:35 PM, Chris<dmagick at gmail.com>  wrote:
>> On 08/12/11 20:06, Michael Chapman wrote:
>>>
>>> On Thu, 8 Dec 2011, Chris wrote:
>>>>
>>>> If I use an empty string it works:
>>>>
>>>> # augtool
>>>> augtool>  set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
>>>> augtool>  set
>>>> /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate ""
>>>> augtool>  save
>>>> Saved 1 file(s)
>>>
>>>
>>> Hi Chris,
>>>
>>> The "requiretty" tree node can also be created with an explicitly null
>>> value:
>>>
>>> augtool>  clear /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate
>>>
>>> At the moment Augeas doesn't treat an empty string and a null value any
>>> differently, though it's probably a good idea if you try to keep them
>>> separate.
>>>
>>> This "clear" command should be able to be used directly in your Puppet
>>> manifest.
>>
>>
>> That worked, thanks!
>>
>> Any idea when that change happened? (I've been looking, but I haven't been
>> able to find it).
>>
>> We've got an older version on centos5 machines (so old augtool doesn't have
>> a --version option) and the old syntax was working:
>>
>> # augtool --version
>> augtool: unrecognized option `--version'
>>
>> # rpm -qi augeas
>> Name        : augeas                       Relocations: (not relocatable)
>> Version     : 0.5.0                             Vendor: (none)
>>
>>
>> # augtool
>> augtool>  set /files/etc/sudoers/Defaults[type=':nrpe']/type :nrpe
>> augtool>  set /files/etc/sudoers/Defaults[type=':nrpe']/requiretty/negate !
>>
>> augtool>  save
>> Saved 1 file(s)
>> augtool>
>>
>>
>> # grep requiretty /etc/sudoers
>> Defaults    requiretty
>> # changed in order to be able to use sudo without a tty. See requiretty
>> above.
>> Defaults:nrpe !requiretty
>
>
> 0.5.0 was released on the 25th of March, 2009, in the morning.
>
> The very same day, several changes were made to sudoers.aug involving
> the negate node:
>
>
> commit 468976635238ce814d954b7d44df3b7b41121f87
> Author: David Lutterkort<lutter at redhat.com>
> Date:   Wed Mar 25 12:21:44 2009 -0700
>
>      Sudoers: produce at most one negate node
>
>      Even if there are multiple '!' signs, only produce one negate node.
>
> commit c35ad5aef2069b39472e209c8700e13706bef8fe
> Author: Raphael Pinson<raphink at gmail.com>
> Date:   Wed Mar 25 09:36:01 2009 -0700
>
>      Sudoers: fix ticket #48
>
>      * make a difference between boolean and non boolean values for integers and
>        strings
>      * allow multiple negate flags (odd/even numbers change the behaviour)
>      * add optional double quotes to integer and string field
>
>      Bug reported by Frank Sweetser
>
>
> In fact, this one _introduced_ the negate flag, which should then have
> been absent from 0.5.0 as far as I can tell.

Thanks, that gives me a starting place to look :)

-- 
Postgresql & php tutorials
http://www.designmagick.com/

More information about the augeas-devel mailing list