1 Reply Latest reply on Jul 20, 2018 9:43 AM by Antonio Caputo

    Management of sudoers with grammar file and BlPackage

    Sorin Gancea



      I have a customer that wants to manage his sudoers permission with BlPackages and a dedicated grammar file. BSA is 8.9.0.


      He created a configuration file from his sudoers file using the attached grammar (sudoers.gm). The content of sudoers file is correctly parsed in live browse window, for the corresponding configuration file, on a Linux server. See attachment: sudoers_ok.txt


      Then an entry from a sudoers file is packed in a BlPackage and this BlPackage is deployed on another server.


      The result of this deploy job is green but the sudoers file is corrupt, as it can be seen in attachment: sudoers_wrong.txt.


      I know that editing a sudoers file requires a special visudo command and having the file in one exclusive editing session.


      Is there a way to achieve the goal as it's requested by my customer?




        • 1. Re: Management of sudoers with grammar file and BlPackage
          Antonio Caputo

          I have the same issue.


          My sudoers file contains the line:


          %pd03admins ALL=(ALL) NOPASSWD:/bin/su -


          I added the sudoers grammar reported in this link https://communities.bmc.com/message/126013


          and now I see my sudoers (as config file) like this:



          Now, I have packed that line in a BLPackage modified it to the following (to add a new line into the sudoers):



          But, when deploy that package my sudoers file has been corrupted to this:


          %pd03admins=ALL (ALL) NOPASSWD:/bin/su -
          %test=ALL (ALL)       NOPASSWD:/bin/su -


          The sudoers file grammar is old from 2004 so maybe someone has a "new one"?


          Any idea on this?