Control: tag -1 + confirmed pending
Hi Christoph,
thanks for this bug report.
Christoph Berg wrote:
> The latest sudo version triggers this warning:
>
> # sudo -l
> /etc/sudoers.d/xymon:12:12: Syntax-Fehler
> xymon ALL=(list) SETENV:NOPASSWD: /usr/lib/xymon/client/ext/mailman
> ^~~~
I wonder what exactly is the syntax error here.
> Removing that line makes the problem go away.
On a first glance this seems to happen if Mailman (for which the list
user is) is not installed, but sudo is installed. But then again, the
user list seems on all my boxes. And for the line before that, it
doesn't argue about the user backuppc which surely doesn't exist on
most systems.
Then again, this line is untouched since 2012 when we switched the
user from hobbit to xymon, i.e. the position where the syntax error is
claimed is even older.
So I wonder: Did sudo's syntax change?
And yes, it did. It seems to have introduced a "list" keyword:
2022-12-26
[…]
Bump SUDOERS_GRAMMAR_VERSION to 50 for the new list pseudo-command.
🤬
eems to have been introduced in Testing yesterday with the migration
of sudo 1.9.13p1-1.
And indeed, if I change "list" to e.g. "listx", the error goes away.
> We should fix that for bookworm.
Ack. So the question is how to fix it.
The man page reads:
A user name, user-ID, group, group-ID, netgroup, nonunix_group or
nonunix_gid may be enclosed in double quotes to avoid the need
for escaping special characters.
I guess this probably also counts for keywords. Let's see and use
double quotes around "list" (sic!):
Yep, changing it to
xymon ALL=("list") SETENV:NOPASSWD: /usr/lib/xymon/client/ext/mailman
will make the error go away.
Will prepare an upload.
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
