From 6b608a90cc129630c19da6e98e7a1f74183a2e2a Mon Sep 17 00:00:00 2001 From: Thomas Leitner Date: Fri, 26 Jun 2026 10:56:38 +0200 Subject: [PATCH] Fix sudo::defaults function to correctly place list I was using this module on a new Debian 13 host and checked the changes to the default sudoers file. Reviewing the changes I wanted to preserve some of the defaults. However, most of the Debian defaults are specified like `Defaults:%sudo ...`. Therefore I tried using the `list` value with `:%sudo`. As this was placed after the key and not directly after `Defaults` it led to an error in the sudoers configuration: ~~~ /etc/sudoers:4:18: syntax error Defaults env_keep:%sudo+="http_proxy https_proxy ftp_proxy all_proxy no_proxy" ^~~~~~~ ~~~ I'm not entirely sure what the `list` key does in the current form but I think it needs to go directly after the `Defaults` string, as indicated by `man sudoers`. With this change the resulting sudoers file works correctly: ~~~ Defaults:%sudo env_keep+="http_proxy https_proxy ftp_proxy all_proxy no_proxy" ~~~ --- lib/puppet/functions/sudo/defaults.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/puppet/functions/sudo/defaults.rb b/lib/puppet/functions/sudo/defaults.rb index c5bc8cfb..a0866dc2 100644 --- a/lib/puppet/functions/sudo/defaults.rb +++ b/lib/puppet/functions/sudo/defaults.rb @@ -41,11 +41,11 @@ def defaults(*args) end def defaults_entry(key, config) - entry = "Defaults\t#{key}" + entry = "Defaults" + entry.concat((config['list']).to_s) if config && config.key?('list') + entry << "\t#{key}" unless config.nil? || config.equal?(:undef) - entry.concat((config['list']).to_s) if config.key? 'list' - operator = '=' operator = config['operator'] if config.key? 'operator'