I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my sudoers file I have this line
#includedir "/etc/sudoers.d"
It seems that line is being ignored.
The permissions on the file in that directory are 0440.
Any ideas would be greatly appreciated.
Thanks - Trey
Correction, seems to be broken in 5.6 as well...I also had this interesting argument with sudo...
# visudo -c -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
parse error in /etc/sudoers.d/zabbix-puppet near line 0
(((NOTE: I made absolutely no changes , just did ":q"))) # visudo -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
# visudo -c -f /etc/sudoers.d/zabbix-puppet /etc/sudoers.d/zabbix-puppet: parsed OK
:-/
- Trey
On Mon, Jul 25, 2011 at 6:41 PM, Trey Dockendorf treydock@gmail.com wrote:
I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my sudoers file I have this line
#includedir "/etc/sudoers.d"
It seems that line is being ignored.
The permissions on the file in that directory are 0440.
Any ideas would be greatly appreciated.
Thanks
- Trey
On Mon, Jul 25, 2011 at 7:41 PM, Trey Dockendorf treydock@gmail.com wrote:
I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my sudoers file I have this line #includedir "/etc/sudoers.d" It seems that line is being ignored. The permissions on the file in that directory are 0440.
Have you tried "zabbix ALL = NOPASSWD: /var/lib/zabbix/bin/start_puppet" (spaces before and after "=")?
On 07/25/11 4:41 PM, Trey Dockendorf wrote:
I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my sudoers file I have this line
#includedir "/etc/sudoers.d"
did you edit these files with visudo -f /path/to/file ? I'd try that.
Well I verified that putting the following line in /etc/sudoers works
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However if I put it in /etc/sudoers.d/zabbix-puppet it does not. Exact same spacing and everything.
The file was created with Puppet , and based on these errors I'm at a loss...
I check the syntax, it fails
# visudo -c -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
parse error in /etc/sudoers.d/zabbix-puppet near line 0
I then open the file with visudo, make absoltely no changes, just ":q" out, still get error.
# visudo -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
Then if I run the syntax check again it passes. However I still can't run the command without password prompt.
# visudo -c -f /etc/sudoers.d/zabbix-puppet /etc/sudoers.d/zabbix-puppet: parsed OK
The files permissions are correct as specified by sudoers documentation on #includedir
-r--r----- 1 root root 56 Jul 26 15:55 zabbix-puppet
Does anyone else have the #includedir working in CentOS 5.6 or 6?
Thanks - Trey
On Mon, Jul 25, 2011 at 7:12 PM, John R Pierce pierce@hogranch.com wrote:
On 07/25/11 4:41 PM, Trey Dockendorf wrote:
I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my sudoers file I have this line
#includedir "/etc/sudoers.d"
did you edit these files with visudo -f /path/to/file ? I'd try that.
-- john r pierce N 37, W 122 santa cruz ca mid-left coast
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Tue, 2011-07-26 at 15:59 -0500, Trey Dockendorf wrote:
Well I verified that putting the following line in /etc/sudoers works
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However if I put it in /etc/sudoers.d/zabbix-puppet it does not. Exact same spacing and everything.
The file was created with Puppet , and based on these errors I'm at a loss...
I check the syntax, it fails
# visudo -c -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
parse error in /etc/sudoers.d/zabbix-puppet near line 0
I then open the file with visudo, make absoltely no changes, just ":q" out, still get error.
# visudo -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
Then if I run the syntax check again it passes. However I still can't run the command without password prompt.
# visudo -c -f /etc/sudoers.d/zabbix-puppet /etc/sudoers.d/zabbix-puppet: parsed OK
The files permissions are correct as specified by sudoers documentation on #includedir
---- probably should ask on the puppet list since using an includedir function would be far more likely with puppet where most people would just tack on their edits to /etc/sudoers directly.
I am sort of interested in your solution by the way (I am on the puppet list too) because I use puppet but so far, only on Ubuntu and it appears that our CentOS systems will eventually be phased out.
by the way, I have seen the same sort of spookiness about syntax errors created by visudo on Ubuntu 10.04 on perfectly valid edits. Had me scratching my head too. I used to always just use emacs to edit the file but at work, I try to play by the conventions.
Craig
On Wed, Jul 27, 2011 at 7:39 AM, Craig White craigwhite@azapple.com wrote:
On Tue, 2011-07-26 at 15:59 -0500, Trey Dockendorf wrote:
Well I verified that putting the following line in /etc/sudoers works
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However if I put it in /etc/sudoers.d/zabbix-puppet it does not. Exact same spacing and everything.
The file was created with Puppet , and based on these errors I'm at a loss...
I check the syntax, it fails
# visudo -c -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
parse error in /etc/sudoers.d/zabbix-puppet near line 0
I then open the file with visudo, make absoltely no changes, just ":q" out, still get error.
# visudo -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: syntax error near line 0 <<<
Then if I run the syntax check again it passes. However I still can't run the command without password prompt.
# visudo -c -f /etc/sudoers.d/zabbix-puppet /etc/sudoers.d/zabbix-puppet: parsed OK
The files permissions are correct as specified by sudoers documentation on #includedir
probably should ask on the puppet list since using an includedir function would be far more likely with puppet where most people would just tack on their edits to /etc/sudoers directly.
I am sort of interested in your solution by the way (I am on the puppet list too) because I use puppet but so far, only on Ubuntu and it appears that our CentOS systems will eventually be phased out.
by the way, I have seen the same sort of spookiness about syntax errors created by visudo on Ubuntu 10.04 on perfectly valid edits. Had me scratching my head too. I used to always just use emacs to edit the file but at work, I try to play by the conventions.
Craig
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Craig,
I got things working...I posted my module on github if your interested , https://github.com/treydock/puppet-sudo . Was two problems. First was can't have quotations around the #includedir path, second was that puppet wasn't puppeting a new line character in the file when using the "content" approach (see modules note).
- Trey
-
Craig White -
John R Pierce -
Tom H -
Trey Dockendorf