1 Reply Latest reply on Jul 20, 2018 9:43 AM by Antonio Caputo

    Management of sudoers with grammar file and BlPackage

    Sorin Gancea

      Hello,

       

      I have a customer that wants to manage his sudoers permission with BlPackages and a dedicated grammar file. BSA is 8.9.0.

       

      He created a configuration file from his sudoers file using the attached grammar (sudoers.gm). The content of sudoers file is correctly parsed in live browse window, for the corresponding configuration file, on a Linux server. See attachment: sudoers_ok.txt

       

      Then an entry from a sudoers file is packed in a BlPackage and this BlPackage is deployed on another server.

       

      The result of this deploy job is green but the sudoers file is corrupt, as it can be seen in attachment: sudoers_wrong.txt.

       

      I know that editing a sudoers file requires a special visudo command and having the file in one exclusive editing session.

       

      Is there a way to achieve the goal as it's requested by my customer?

       

      Regards,

      Sorin

        • 1. Re: Management of sudoers with grammar file and BlPackage
          Antonio Caputo

          I have the same issue.

           

          My sudoers file contains the line:

           

          %pd03admins ALL=(ALL) NOPASSWD:/bin/su -

           

          I added the sudoers grammar reported in this link https://communities.bmc.com/message/126013

           

          and now I see my sudoers (as config file) like this:

           

           

          Now, I have packed that line in a BLPackage modified it to the following (to add a new line into the sudoers):

           

           

          But, when deploy that package my sudoers file has been corrupted to this:

           

          %pd03admins=ALL (ALL) NOPASSWD:/bin/su -
          %test=ALL (ALL)       NOPASSWD:/bin/su -

           

          The sudoers file grammar is old from 2004 so maybe someone has a "new one"?

           

          Any idea on this?

           

          Thanks,

          Antonio