{"id":7815,"date":"2025-09-15T17:11:44","date_gmt":"2025-09-15T14:11:44","guid":{"rendered":"https:\/\/mummila.net\/kommentit\/?p=7815"},"modified":"2025-09-15T17:11:44","modified_gmt":"2025-09-15T14:11:44","slug":"order-dependency-inconsistency-in-sudoers-parametervalue-parsing-wrt-quotes","status":"publish","type":"post","link":"https:\/\/mummila.net\/kommentit\/2025\/09\/15\/order-dependency-inconsistency-in-sudoers-parametervalue-parsing-wrt-quotes\/","title":{"rendered":"Order-dependency\/inconsistency in sudoers parameter=value parsing wrt. quotes"},"content":{"rendered":"

Describe the bug<\/strong>
\nI’m testing sudo-rs, and came across a bit of weirdness in\u00a0sudoers<\/code>\u00a0parsing, related to quotes and parameter order.<\/p>\n

To Reproduce<\/strong><\/p>\n

    \n
  1. $ touch test<\/code><\/li>\n
  2. edit\u00a0\/etc\/sudoers.d\/90-ssh-auth-sock<\/code>\u00a0to look like this:
    \nDefaults!\/bin\/chown timestamp_timeout=1,env_keep+=SSH_AUTH_SOCK<\/code><\/li>\n
  3. $ sudo-rs chown root:root test # this works as expected<\/code><\/li>\n
  4. edit\u00a0\/etc\/sudoers.d\/90-ssh-auth-sock<\/code>\u00a0to reorder the parameter=value pairs like this:
    \nDefaults!\/bin\/chown env_keep+=SSH_AUTH_SOCK,timestamp_timeout=1<\/code><\/li>\n
  5. $ sudo-rs chown jani:jani test # this fails:<\/code>
    \n\/etc\/sudoers.d\/90-ssh-auth-sock:1:63: double quotes are required for VAR=value pairs<\/code>
    \nDefaults!\/bin\/chown env_keep+=SSH_AUTH_SOCK,timestamp_timeout=1<\/code>
    \n ^<\/code><\/li>\n<\/ol>\n

    Expected behavior<\/strong><\/p>\n

    For sudo-rs to perform the command in 5. without error, as it did in point 3.<\/p>\n

    Environment (please complete the following information):<\/strong><\/p>\n