[Bug 414854] New: sudo broken with ldap users -- "parse error in /etc/sudoers near line -1"
https://bugzilla.novell.com/show_bug.cgi?id=414854

Summary: sudo broken with ldap users -- "parse error in /etc/sudoers near line -1"
Product: openSUSE 11.0
Version: Final
Platform: All
OS/Version: openSUSE 11.0
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: adaugherity@tamu.edu
QAContact: qa@suse.de
Found By: ---

After configuring LDAP logins with YaST on an 11.0 system, I discovered a problem with sudo, relating to users who are in LDAP but not in sudoers. Attempting to do anything with sudo (even "sudo -l") as such a user results in the error message "sudo: parse error in /etc/sudoers near line -1". Sudo never even prompts for a password, and worse, it sends a security email to root with this error message.

My sudoers file is fairly standard -- just the wheel group. Here it is (with comments stripped):

====
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
====

If I add the ldap user to the wheel group in /etc/group, then that user can use sudo as expected.

This is a regression from 10.3, and it is definitely a problem with sudo itself, rather than pam_ldap or something else. Rebuilding the source RPM for sudo from 10.3 (sudo-1.6.9p2-23) and installing that on 11.0 fixes the problem; similarly, building the version from 11.0 (sudo-1.6.9p15-13.1) on a 10.3 system causes the breakage to occur on 10.3 as well.
Thomas Biege
User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c1
Pavol Rusnak
User adaugherity@tamu.edu added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c2
Andrew Daugherity
User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c5
Pavol Rusnak
User novell.com-pnt@ladisch.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c6
Julian Ladisch
    sudo false
    root's password:

Using visudo to remove the two lines as explained in /usr/share/doc/packages/sudo/README.SUSE results in

    sudo false
    sudo: parse error in /etc/sudoers near line -1

Using visudo to create an empty /etc/sudoers containing a single space or a single # character also results in

    sudo false
    sudo: parse error in /etc/sudoers near line -1

This all is not related to ldap, I adjust the summary. This bug makes sudo unusable. I adjust severity to major. There should be a recommended update in http://download.opensuse.org/update/11.0/rpm/i586/ which is still missing. Therefore I reopen the bug.
User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c7
Pavol Rusnak
User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c8
Pavol Rusnak
User admin@vbi.vt.edu added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c9
--- Comment #9 from Sysadmin VBI
User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c10
Pavol Rusnak
Pavol Rusnak
User dmueller@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c11
Dirk Mueller
User prusnak@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c12
--- Comment #12 from Pavol Rusnak
User dmueller@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414854#c16
Dirk Mueller