  1. Puppet Agent
  2. PA-3433

Patch augeas to allow AD groups in sudoers lens



    • Needs Assessment
    • Reviewed
    • 40873
    • 1
    • Bug Fix
    • The Augeas 'sudoers' lens did not support AD users/groups. Allowing backslashes in user and group names fixed the issue.
    • Needs Assessment


      Basic Info
      Module Version: 1.05
      Puppet Version: 2019.1.1
      OS Name/Version: RHEL 7

      Information from the customer:

      "I ran across a rather interesting ‘bug’ while trying to use a resource called augeas to modify our sudoers file. Unfortunately, I ran into a parsing error and upon further investigation, I’m fairly certain this is the same issue described in this link: https://tickets.puppetlabs.com/browse/ENTERPRISE-732. It says there is a hotfix for the issue but that it’s for much older versions of Puppet than what we are running and that the hotfix should have been applied to future versions of Puppet. The ticket is also marked as still open. What I’m wondering is if we can safely apply the hotfix in that link to our version of Puppet which is 6.4.3 or there is another solution."

      Desired Behavior:

      Actual Behavior:

      I believe it's failing on a line that has: %<domain>\<ldap group name> ALL=(ALL) ALL

      I believe it might be the '\' that's causing the error now. Please see parsing error below.
      augtool> print /augeas//error
      /augeas/files/etc/sudoers/error = "parse_failed"
      /augeas/files/etc/sudoers/error/pos = "4412"
      /augeas/files/etc/sudoers/error/line = "122"
      /augeas/files/etc/sudoers/error/char = "18"
      /augeas/files/etc/sudoers/error/lens = "/opt/puppetlabs/puppet/share/augeas/lenses/dist/sudoers.aug:538.10-.70:"
      /augeas/files/etc/sudoers/error/lens/last_matched = "/opt/puppetlabs/puppet/share/augeas/lenses/dist/build.aug:59.43-.57:"
      /augeas/files/etc/sudoers/error/lens/next_not_matched = "/opt/puppetlabs/puppet/share/augeas/lenses/dist/sep.aug:47.18-.40:"


      test-admins ALL=(ALL) ALL is the line it's failing on.

      This syntax is used on all our machines."
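
An added example, not part of the ticket and not Puppet or Augeas code: a pre-check that lists the sudoers entries whose user or group field contains a backslash, the form this ticket reports the lens failing on, while ignoring trailing-backslash line continuations. The function names, the `EXAMPLE` domain and the sample file content are constructed for illustration.

```python
import re

# First whitespace-delimited field; "\x" counts as one escaped character,
# so a name like "%EXAMPLE\Domain\ Admins" stays in one piece.
FIRST_FIELD = re.compile(r"(?:\\.|\S)+")
# Lines that are not user specifications.
NON_SPEC = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

# Constructed sample (domain and group names are placeholders).
SAMPLE = r"""# constructed sample sudoers
Defaults env_reset
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%EXAMPLE\test-admins ALL=(ALL) ALL
Cmnd_Alias TOOLS = /usr/bin/less, \
    /usr/bin/tail
%EXAMPLE\Domain\ Admins ALL=(ALL) ALL
"""


def logical_lines(text):
    """Yield (first_physical_line, text), folding trailing-backslash continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = num
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:  # file ended in the middle of a continuation
        yield start, buf


def backslash_principals(text):
    """Return [(line_number, user_or_group)] for specs whose first field has a backslash."""
    hits = []
    for num, line in logical_lines(text):
        line = line.strip()
        if not line or line.startswith(("#", "@")) or line.startswith(NON_SPEC):
            continue
        field = FIRST_FIELD.match(line).group(0)
        if "\\" in field:
            hits.append((num, field))
    return hits


if __name__ == "__main__":
    for num, field in backslash_principals(SAMPLE):
        print(f"line {num}: {field}")
```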


              luchian.nemes Luchian Nemes
              gareth.mcgrillan Gareth McGrillan