Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sudo resource does not check if command aliases are already in use #8763

Open
drzewiec opened this issue Jul 22, 2019 · 0 comments

Comments

@drzewiec
Copy link

commented Jul 22, 2019

Description

The sudo resource (as of chef-client 14.4.56) does not check whether a command alias is already defined before adding it to a file within sudoers.d. This will cause sudo to break, unable to parse the sudoers config.

Chef Version

14.4.56

Platform Version

CentOS/RHEL 7

Replication Case

  1. Create a sudo resource in a recipe which defines some command alias along with the user who should run it
  2. Make a separate file in sudoers.d which contains the identical Cmnd_Alias to what chef-client will produce in its sudoers.d file
  3. Run chef-client
  4. Attempt to sudo will fail, as the Cmnd_Alias is duplicated in two files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.