Bugzilla – Bug 941
Error message for forbidden tokens unclear
Last modified: 2021-09-11 15:55:42 MDT
2f0aca92c360 introduced the CWD and CHROOT directives, making these keywords forbidden in other contexts. Naturally, this breaks configs using these names, with trivial migrations. However, figuring out that this is the cause of the errors is less than trivial with the error messages given:

/etc/sudoers:40: syntax error, unexpected CHROOT, expecting ALIAS
Cmnd_Alias CHROOT = /usr/bin/mkarchroot, /usr/bin/arch-nspawn, /usr/bin/makechrootpkg, /usr/bin/extra-x86_64-build
           ^~~~~~
/etc/sudoers:119: syntax error, unexpected '\n', expecting '='
INSTALLERS ALL=INSTALL, UNINSTALL, CHROOT
                                         ^

Moreover, this stolen syntax could have been more prominently signalled in the changelog. At the very least, a message along the lines of "Changes x, y and z changed the syntax of sudoers, when updating please check that your sudoers is up to date with the syntax" would have been helpful. Not masking such a change behind a minor release would also have been helpful. A quick search failed to yield any official versioning policy, something along the lines of SemVer (https://semver.org) might be helpful.
It's unfortunate that adding those created new reserved words in sudoers; I agree they need to be documented. With the existing sudoers grammar, I don't see a way to resolve the ambiguity in the parser between an alias name and an option name. The syntax error messages are actually a lot better in 1.9.3 than before. Previously, sudo would simply have said "parse error near line 40". It may be possible to improve them further.
I just committed changes to the sudoers parser so that there is a better error message when declaring an alias with the same name as a reserved word. Now instead of:

syntax error, unexpected CHROOT, expecting ALIAS

You get:

syntax error, reserved word used as an alias name

with the offending token underlined in the message. I've also updated the man page to explicitly list the reserved words and added a warning to the upgrade notes.
Fixed in sudo 1.9.4
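A pre-upgrade check for the breakage discussed in this report, as an added example that is not part of the original thread or of sudo itself: it scans sudoers text for aliases declared with, or referring to, the reserved words named above. The names `find_reserved`, `logical_lines` and `SAMPLE` are hypothetical, the sample text is constructed around the two lines quoted in the report, and the scan is a line-oriented approximation rather than the real sudoers grammar.

```python
import re

# Reserved words named in this report. The sudoers manual for 1.9.4 and later
# lists the full set; extend this tuple from there.
RESERVED = ("CWD", "CHROOT")
DECL = re.compile(r"^\s*(User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)\s+(.*)$")
NAME = re.compile(r"\s*([A-Z][A-Z0-9_]*)\s*=")

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations folded."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:
        yield start, buf

def find_reserved(text, reserved=RESERVED):
    """Return sorted (line_no, kind, word); kind is 'declared' or 'used'."""
    words = "|".join(map(re.escape, reserved))
    # A reserved word followed by '=' is the new option syntax, not an alias.
    use = re.compile(r"(?<![\w/.-])(%s)(?![\w/.-])(?!\s*=)" % words)
    hits = set()
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#"):
            continue  # whole-line comments and #include lines
        decl = DECL.match(line)
        # One declaration line may define several aliases separated by ':'.
        for part in (decl.group(2).split(":") if decl else []):
            name = NAME.match(part)
            if name and name.group(1) in reserved:
                hits.add((no, "declared", name.group(1)))
        hits.update((no, "used", m.group(1)) for m in use.finditer(line))
    return sorted(hits)

# Constructed sample built around the two lines quoted in the report.
SAMPLE = """\
# constructed sample
Cmnd_Alias CHROOT = /usr/bin/mkarchroot, \\
    /usr/bin/arch-nspawn
Cmnd_Alias INSTALL = /usr/bin/pacman : CWD = /usr/bin/pwd
INSTALLERS ALL=INSTALL, UNINSTALL, CHROOT
builder ALL = CHROOT=/srv/build /usr/bin/make
"""
```

Every hit needs the alias renamed both where it is declared and where it is used; the last sample line is not reported because `CHROOT=` followed by a path is the option syntax the new release expects.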