Sudo: Using arguments in /etc/sudoers.d/ file, particularly with mount (visudo rejects syntax)

Question

I have a syntax wrangling problem with sudo that may not be solvable.

I know I know, OpenBSD's new doas is better than sudo, but it is not available on CentOS 7 or Rocky 8. So we're stuck with sudo for a while, girls and guys.

If I add the following line with visudo -f /etc/sudoers.d/custom it works, and visudo doesn't complain about it:

%group@domain.com *=(root) NOPASSWD: /usr/bin/mount -a

However, if I then add the following:

%group@domain.com *=(root) NOPASSWD: /usr/bin/mount -o remount,rw nfs-server.domain.com:/nfs3 /mnt/nfs3

Then visudo consistently rejects it with: syntax error near line 41 (indeed it is line 41). I have tried various alternations of the above.

Any ideas why, or what would work?

Thank you

ping-me · Answer 1 · 2022-10-20T12:50:41.533

0

Solution was to read man sudoers as apparently some characters need escaping. Curiously the humble comma is one of them (not usually a sensitive character).

Extract:

 Note that the following characters must be escaped with a ‘\’
 if they are used in command arguments: ‘,’, ‘:’, ‘=’, ‘\’.

edited Oct 20 '22 at 12:50

answered Oct 20 '22 at 12:00

ping-me

1
2

The comma is how you separate a list of commands, it seems reasonable that it should be escaped to not mean that you're starting a new command to allow... – Ginnungagap Oct 20 '22 at 20:49

Sudo: Using arguments in /etc/sudoers.d/ file, particularly with mount (visudo rejects syntax)

1 Answers1