[Bug 414854] New: sudo broken with ldap users -- "parse error in /etc/ sudoers near line -1"

older
[Bug 390107] New: autoyast uploads...

bugzilla_noreply＠novell.com

5 Aug 2008 5 Aug '08

21:30

https://bugzilla.novell.com/show_bug.cgi?id=414854 Summary: sudo broken with ldap users -- "parse error in /etc/sudoers near line -1" Product: openSUSE 11.0 Version: Final Platform: All OS/Version: openSUSE 11.0 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: adaugherity@tamu.edu QAContact: qa@suse.de Found By: --- After configuring LDAP logins with YaST on an 11.0 system, I discovered a problem with sudo, relating to users who are in LDAP but not in sudoers. Attempting to do anything with sudo (even "sudo -l") as such a user results in the error message "sudo: parse error in /etc/sudoers near line -1". Sudo never even prompts for a password, and worse, it sends a security email to root with this error message. My sudoers file is fairly standard -- just the wheel group. Here it is (with comments stripped): ==== Defaults always_set_home Defaults env_reset Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE" root ALL=(ALL) ALL %wheel ALL=(ALL) ALL ==== If I add the ldap user to the wheel group in /etc/group, then that user can use sudo as expected. This is a regression from 10.3, and it is definitely a problem with sudo itself, rather than pam_ldap or something else. Rebuilding the source RPM for sudo from 10.3 (sudo-1.6.9p2-23) and installing that on 11.0 fixes the problem; similarly, building the version from 11.0 (sudo-1.6.9p15-13.1) on a 10.3 system causes the breakage to occur on 10.3 as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

6 Aug 6 Aug

07:40

New subject: [Bug 414854] sudo broken with ldap users -- "parse error in /etc/ sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 Thomas Biege changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |prusnak@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:38

New subject: [Bug 414854] sudo broken with ldap users -- "parse error in /etc/ sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User prusnak@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c1 Pavol Rusnak changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |adaugherity@tamu.edu --- Comment #1 from Pavol Rusnak 2008-08-06 11:38:05 MDT --- Seems that the bug has been fixed in 1.6.9p16. I prepared 1.6.9p17 in BuildService*. Could you please test and report back ? * http://download.opensuse.org/repositories/home:/prusnak:/factory/openSUSE_Fa... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

20:47

New subject: [Bug 414854] sudo broken with ldap users -- "parse error in /etc/ sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User adaugherity@tamu.edu added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c2 Andrew Daugherity changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|adaugherity@tamu.edu | --- Comment #2 from Andrew Daugherity 2008-08-06 14:47:49 MDT --- Updating to that version fixes it, thanks! Can this be pushed out via openSUSE-11.0-Updates? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

8 Aug 8 Aug

08:20

New subject: [Bug 414854] sudo broken with ldap users -- "parse error in /etc/ sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User prusnak@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c5 Pavol Rusnak changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #5 from Pavol Rusnak 2008-08-08 02:20:18 MDT --- We are not going to update 11.0. STABLE/FACTORY is now fixed. Thanks for the report! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

4 Sep 4 Sep

13:55

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User novell.com-pnt@ladisch.de added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c6 Julian Ladisch changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |novell.com-pnt@ladisch.de Severity|Normal |Major Status|RESOLVED |REOPENED Resolution|FIXED | Summary|sudo broken with ldap users -- "parse error in |sudo broken -- "parse error in /etc/sudoers near |/etc/sudoers near line -1" |line -1" --- Comment #6 from Julian Ladisch 2008-09-04 07:55:51 MDT --- The default /etc/sudoers file works:

...

sudo false root's password:

Using visudo to remove the two lines as explained in /usr/share/doc/packages/sudo/README.SUSE results in

...

sudo false sudo: parse error in /etc/sudoers near line -1

Using visudo to create an empty /etc/sudoers containing a single space or a single # character also results in

...

sudo false sudo: parse error in /etc/sudoers near line -1

This all is not related to ldap, I adjust the summary. This bug makes sudo unusable. I adjust severity to major. There should be a recommended update in http://download.opensuse.org/update/11.0/rpm/i586/ which is still missing. Therefore I reopen the bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:08

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User prusnak@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c7 Pavol Rusnak changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #7 from Pavol Rusnak 2008-09-04 08:08:15 MDT --- It is still the same bug, which is fixed in sudo 1.6.9p17. Please install from Factory if this bugs bothers you. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

16 Oct 16 Oct

09:10

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User prusnak@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c8 Pavol Rusnak changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |admin@vbi.vt.edu --- Comment #8 from Pavol Rusnak 2008-10-16 03:10:53 MDT --- *** Bug 435250 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=435250 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:25

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User admin@vbi.vt.edu added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c9 --- Comment #9 from Sysadmin VBI 2008-10-16 04:25:23 MDT --- Why will you not push this as an update? This bug makes sudo unusable for what its designed for. The recommended fix here, sudo from factory, requires now libselinux-devel to compile, which in turn doesn't exist in 11.0. That seems hardly an acceptable 'fix'. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:39

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User prusnak@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c10 Pavol Rusnak changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #10 from Pavol Rusnak 2008-10-16 04:39:42 MDT --- Sysadmin is probably right as new sudo introduces new SELinux dependencies. Anja? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:39

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 Pavol Rusnak changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO Info Provider| |ast@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

20:57

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User dmueller@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c11 Dirk Mueller changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED Info Provider|ast@novell.com | --- Comment #11 from Dirk Mueller 2008-10-16 14:57:47 MDT --- MaintenanceTracker-20269 A version update is not acceptable, but this bug is documented in the changelog of 1.6.9p16, so it should be easy to extract the patch and backport it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17 Oct 17 Oct

13:17

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User prusnak@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c12 --- Comment #12 from Pavol Rusnak 2008-10-17 07:17:22 MDT --- Dirk: Package submitted to 11.0 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

11 Nov 11 Nov

15:53

New subject: [Bug 414854] sudo broken -- "parse error in /etc/sudoers near line -1"

https://bugzilla.novell.com/show_bug.cgi?id=414854 User dmueller@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=414854#c16 Dirk Mueller changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #16 from Dirk Mueller 2008-11-11 08:53:57 MST --- released for 11.0 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

5651

Age (days ago)

5749

Last active (days ago)

List overview

Download

13 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com

[Bug 414854] New: sudo broken with ldap users -- "parse error in /etc/ sudoers near line -1"

tags

participants (1)