SCIENTIFIC-LINUX-DEVEL Archives

December 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: augeas 1.0.0 for SL6 has issues with sudoers
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Fri, 6 Dec 2013 08:53:35 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (85 lines) 
On 12/06/2013 06:00 AM, Sternberger, Sven wrote:
> Hello!
>
> I use in my /etc/sudoers config file a line like this
>
> ALL ALL=NOPASSWD: /path/to/command
>
> to allow all user to execute a command as root without password.
>
> With the update to augeas 1.0.0-5.el6 this can't be parsed/produced
> by augeas anymore due to a bug in the related lens.
>
> The problem is that aliases with capital letters are not
> allowed (btw. also no user groups with capital letters)
>
> As there is no epel version of augeas for el6 it would be nice if
> this could be fixed or send to TUV
>
> Lens File:
> /usr/share/augeas/lenses/dist/sudoers.aug
>
> 1.0.0-5.el6 version (buggy):
> ----------------------------
> let sto_to_com_user =
>        let nis_re = /([A-Z]([-A-Z0-9]|(\\\\[ \t]))*+\\\\\\\\)/
>     in let user_re = /[%+@a-z]([-a-z0-9]|(\\\\[ \t]))*/
>     in store (nis_re? . user_re)
>
>
> 1.1 version (correct):
> ----------------------
> let sto_to_com_user =
>        let nis_re = /([A-Z]([-A-Z0-9]|(\\\\[ \t]))*+\\\\\\\\)/
>     in let user_re = /[%+@a-z]([-a-z0-9._]|(\\\\[ \t]))*/
>     in let alias_re = /[A-Z_]+/
>     in store ((nis_re? . user_re) | alias_re)
>
> regards
>
> sven

Hi Sven,

Thanks for taking the time to research, write, and send this to 
Scientific Linux!  The best way to get this patch included in a new 
version of Scientific Linux is to get the fix included further up 
stream.[1]  That way groups other than this one can benefit from your 
work on this issue.  From our side we try not to deviate very much from 
what our upstream provider is doing.  Our hope is that by following them 
closely we reduce the possible problems our users encounter.  But this 
can lead to some tension in the application of patches, particularly 
patches that fix problems.

One of the best ways we can give back to our upstream providers is fixes 
like this one.  I hope that you can open a bug with them so that 
everyone can benefit from this.  As a point of etiquette, they prefer 
not to have mention of SL on their bug tracker.  Our source, for any 
package they provide, is their source.  Any patches we apply are noted 
in the changelog with justifications and generally attributed to Connie, 
Troy (who has left us), myself, or the Scientific Linux Development list.

Right now our commitment to improving SL, assisting upstream in fixes, 
and generally trying to give back to the linux community at large gives 
us pause before applying any patch for upstream packages which doesn't 
have an associated bugzilla number.  They've given us so much, we want 
to try and give back where we can and help encourage others to do so in 
the spirit of the open source movement.

Again, thank you for your efforts here!  Please feel free to continue to 
contribute regularly to [log in to unmask]



[1] http://bugzilla.redhat.com/

Pat



-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/

ATOM RSS1 RSS2