`visudo`: `-f` option might cause `parse error` even if the file is saved successfully.
Closed this issue · 1 comments
Issue
`visudo -f` does not raise errors even if the same alias names of `Cmnd_Alias` are defined in `/etc/sudoers` or `/etc/sudoers.d/*`.

After duplicating alias name definition of `Cmnd_Alias`, `sudo` fails like this error message.

```
sudo: parse error in /etc/sudoers near line 31
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
```
Reproducibility
- exec `sudo visudo` and add last two lines at the end of the `/etc/sudoers`:

  ```
  #includedir /etc/sudoers.d
  Cmnd_Alias USERCOMMANDS = /usr/bin/hostname
  cameong1 ALL=USERCOMMANDS
  ```

- exec `sudo visudo -f /etc/sudoers.d/cameong2` and add following two lines to `/etc/sudoers.d/cameong2`.

  ```
  Cmnd_Alias USERCOMMANDS = /usr/bin/hostname
  cameong2 ALL=USERCOMMANDS
  ```

- execute `sudo` command, then the following error occurs and fails.

  ```
  >>> /etc/sudoers: Alias "USERCOMMANDS" already defined near line 32 <<<
  sudo: parse error in /etc/sudoers near line 32
  sudo: no valid sudoers sources found, quitting
  sudo: unable to initialize policy plugin
  ```
Execution order is important.
When executing `sudo visudo` after `sudo visudo -f`, `sudo visudo` raises errors and successfully fails.
`visudo -f` edits a file in isolation so there is no way for `visudo` to know whether it is an include file for another sudoers file. If you are editing a file in `/etc/sudoers.d` you should verify that the entire sudoers file parses correctly by running `visudo -c`. Perhaps `visudo` needs an option explicitly for editing files in an includedir.
Newer versions of sudo will recover from errors like this instead of refusing to run.
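A pre-install check for the failure reported in this issue, as an added example (not code from the sudo project or from either participant): it scans the main sudoers file, the existing drop-ins and a candidate drop-in for alias names defined more than once. The function names `find_dup_aliases` and `check_dropin` are hypothetical, and the scan assumes one alias definition starting each line and treats alias type plus name as the key.

```shell
#!/bin/sh
# Added example: detect alias names defined twice across sudoers files,
# the condition that visudo -f cannot see when it edits one file in isolation.

# find_dup_aliases FILE...
# Prints "TYPE NAME: file:line file:line" per duplicate; returns 1 if any found.
find_dup_aliases() {
    awk '
        /^[ \t]*(Cmnd|User|Host|Runas)_Alias[ \t]+[A-Z][A-Z0-9_]*[ \t]*=/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)          # f[1] = alias type, f[2] = name
            key = f[1] " " f[2]
            where[key] = where[key] " " FILENAME ":" FNR
            count[key]++
        }
        END {
            for (k in count) if (count[k] > 1) { print k ":" where[k]; dup = 1 }
            exit dup + 0
        }
    ' "$@"
}

# check_dropin CANDIDATE [MAIN] [DIR]
# CANDIDATE is a scratch copy named like the drop-in it will become.
check_dropin() {
    candidate=$1
    main=${2:-/etc/sudoers}
    dir=${3:-/etc/sudoers.d}
    set -- "$main"
    for f in "$dir"/*; do
        name=${f##*/}
        # an includedir skips names ending in "~" or containing "."
        case $name in *~|*.*) continue ;; esac
        [ -f "$f" ] || continue
        # the installed copy will be replaced by the candidate, so skip it
        if [ "$name" = "${candidate##*/}" ]; then continue; fi
        set -- "$@" "$f"
    done
    find_dup_aliases "$@" "$candidate"
}

# Stand-alone use: sh thisfile /tmp/new/cameong2
[ "$#" -eq 0 ] || check_dropin "$@"
```

A clean result here only rules out duplicate alias names; `visudo -c` after installing the file remains the check of the whole sudoers tree.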