From d58080797b7606a4bff9ddc6f3124b4514c66316 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Pla Date: Fri, 22 Jan 2021 17:10:17 +0100 Subject: [PATCH 1/3] includedir in suoders can be prefixed by "arroba" Since version 1.9.1, @includedir can be used in the sudoers files instead of #includedir: https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_1 Actually "@includedir" is the modern syntax, and "#includedir" the historic syntax. It has been considered that "#includedir" was too puzzling because it started with a "#" that otherwise denotes comments. This happens to be the default in SUSE Linux enterprise sudoer package, so cloudinit should take this into account. Otherwise, cloudinit was adding an extra #includedir, which was resulting on the files under /etc/sudoers.d being included twice, one by @includedir from the SUSE package, one by the @includedir from cloudinit. The consequence of this, was that if you were defining an Cmnd_Alias inside any of those files, this was being defined twice and creating an error when using sudo. Signed-off-by: Jordi Massaguer Pla --- cloudinit/distros/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py index 1e118472840..220bd11f2c1 100755 --- a/cloudinit/distros/__init__.py +++ b/cloudinit/distros/__init__.py @@ -673,7 +673,7 @@ def ensure_sudo_dir(self, path, sudo_base='/etc/sudoers'): found_include = False for line in sudoers_contents.splitlines(): line = line.strip() - include_match = re.search(r"^#includedir\s+(.*)$", line) + include_match = re.search(r"^[#|@]includedir\s+(.*)$", line) if not include_match: continue included_dir = include_match.group(1).strip() From 8e4298fe9bbfe727f2416a7a08193203cdcd9a0f Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Pla Date: Wed, 27 Jan 2021 12:17:40 +0100 Subject: [PATCH 2/3] Add test for not adding 2 includedirs when there is one with arroba Signed-off-by: Jordi Massaguer Pla --- tests/unittests/test_distros/test_generic.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/unittests/test_distros/test_generic.py b/tests/unittests/test_distros/test_generic.py index 44607489767..b33db313482 100644 --- a/tests/unittests/test_distros/test_generic.py +++ b/tests/unittests/test_distros/test_generic.py @@ -119,6 +119,18 @@ def test_sudoers_ensure_append(self): self.assertIn("josh", contents) self.assertEqual(2, contents.count("josh")) + def test_sudoers_ensure_only_one_includedir(self): + cls = distros.fetch("ubuntu") + d = cls("ubuntu", {}, None) + self.patchOS(self.tmp) + self.patchUtils(self.tmp) + util.write_file("/etc/sudoers", "@includedir /b") + d.ensure_sudo_dir("/b") + contents = util.load_file("/etc/sudoers") + self.assertIn("includedir /b", contents) + self.assertTrue(os.path.isdir("/b")) + self.assertEqual(1, contents.count("includedir /b")) + def test_arch_package_mirror_info_unknown(self): """for an unknown arch, we should get back that with arch 'default'.""" arch_mirrors = gapmi(package_mirrors, arch="unknown") From cb767fbcedf9fa31e5caa4dae17717d35356a2ba Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Pla Date: Fri, 29 Jan 2021 11:28:32 +0100 Subject: [PATCH 3/3] Update tests/unittests/test_distros/test_generic.py Co-authored-by: James Falcon --- tests/unittests/test_distros/test_generic.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/unittests/test_distros/test_generic.py b/tests/unittests/test_distros/test_generic.py index b33db313482..336150bccf4 100644 --- a/tests/unittests/test_distros/test_generic.py +++ b/tests/unittests/test_distros/test_generic.py @@ -124,12 +124,13 @@ def test_sudoers_ensure_only_one_includedir(self): d = cls("ubuntu", {}, None) self.patchOS(self.tmp) self.patchUtils(self.tmp) - util.write_file("/etc/sudoers", "@includedir /b") - d.ensure_sudo_dir("/b") - contents = util.load_file("/etc/sudoers") - self.assertIn("includedir /b", contents) - self.assertTrue(os.path.isdir("/b")) - self.assertEqual(1, contents.count("includedir /b")) + for char in ['#', '@']: + util.write_file("/etc/sudoers", "{}includedir /b".format(char)) + d.ensure_sudo_dir("/b") + contents = util.load_file("/etc/sudoers") + self.assertIn("includedir /b", contents) + self.assertTrue(os.path.isdir("/b")) + self.assertEqual(1, contents.count("includedir /b")) def test_arch_package_mirror_info_unknown(self): """for an unknown arch, we should get back that with arch 'default'."""