includedir in suoders can be prefixed by "arroba" #783
+14
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi. I already signed the individual contributors agreement. Could you retry the github action? |
Since version 1.9.1, @includedir can be used in the sudoers files instead of #includedir: https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_1 Actually "@includedir" is the modern syntax, and "#includedir" the historic syntax. It has been considered that "#includedir" was too puzzling because it started with a "#" that otherwise denotes comments. This happens to be the default in SUSE Linux enterprise sudoer package, so cloudinit should take this into account. Otherwise, cloudinit was adding an extra #includedir, which was resulting on the files under /etc/sudoers.d being included twice, one by @includedir from the SUSE package, one by the @includedir from cloudinit. The consequence of this, was that if you were defining an Cmnd_Alias inside any of those files, this was being defined twice and creating an error when using sudo. Signed-off-by: Jordi Massaguer Pla <jmassaguerpla@suse.de>
jordimassaguerpla
force-pushed
the
use_arroba_to_include_sudoers_directory
branch
from
d62bd1f
to
d580807
Compare
|
I was missing #787 |
TheRealFalcon
requested changes
Jan 26, 2021
There was a problem hiding this comment.
@jordimassaguerpla Thanks for this. The change looks good, but can you add a unit test or two as well? It would look similar and go in the same place as the one I'm linking here, but ensure that when a line containing the # or @ include is encountered, that it correctly keeps the line rather than appending a new one.
https://github.com/canonical/cloud-init/blob/master/tests/unittests/test_distros/test_generic.py#L109
Signed-off-by: Jordi Massaguer Pla <jmassaguerpla@suse.de>
Co-authored-by: James Falcon <TheRealFalcon@users.noreply.github.com>
TheRealFalcon
added a commit
to TheRealFalcon/cloud-init
that referenced
this pull request
Mar 4, 2021
Newer verisons of /etc/sudoers prefer @includedir over #includedir. Ensure we handle that properly and don't include an additional #includedir when one isn't warranted.
TheRealFalcon
added a commit
that referenced
this pull request
Mar 11, 2021
This was referenced May 12, 2023
Closed
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Commit Message