Avoid Duplicate Configuration with SUDO 1.9

This document (000020389) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15 SP3

Situation

The SLE 15 SP3 ships with sudo 1.9.5p2-1.5 package. With old configuration, running sudo -v will complain about duplicate alias e.g. 
Alias "en_GB.UTF-8" already defined

Resolution

To troubleshoot the issue: 
  • Make sure there are no duplicate Cmnd_Alias
s15sp3:~ # sudo -v
s15sp3:~ # cat > /etc/sudoers.d/test <<EOF
> Cmnd_Alias      KILL = /usr/bin/kill
> Cmnd_Alias      KILL = /usr/bin/kill
> EOF
s15sp3:~ # sudo -v
/etc/sudoers.d/test:2:37: Alias "en_GB.UTF-8" already defined
Cmnd_Alias      KILL = /usr/bin/kill
                                    ^
 
  • The /etc/sudoers only include the same directory once
s15sp3:~ # sudo -v
s15sp3:~ # cat > /etc/sudoers.d/test <<EOF
> Cmnd_Alias      KILL = /usr/bin/kill
> EOF
s15sp3:~ # sudo -v
s15sp3:~ # tail -3 /etc/sudoers

## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d
s15sp3:~ # echo "#includedir /etc/sudoers.d" >> /etc/sudoers
s15sp3:~ # tail -3 /etc/sudoers
## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d
#includedir /etc/sudoers.d
s15sp3:~ # sudo -v
/etc/sudoers.d/test:1:37: Alias "en_GB.UTF-8" already defined
Cmnd_Alias      KILL = /usr/bin/kill
                                    ^

Note: To include extra sudoers configuration use @includedir, for old sudo #includedir 

Cause

The above error could be caused by: 
  • Duplicate Cmnd_Alias definition
  • Bad configuration/Duplicate includedir directive in /etc/sudoers 

Additional Information

From sudoers man pages: 
 
It is possible to include other sudoers files from within the sudoers file currently being parsed using the @include and @includedir directives.  For compatibility with sudo versions prior to 1.9.1, #include and #includedir are also accepted.
 
s15sp2:~ # tail -4 /etc/sudoers

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020389
  • Creation Date: 16-Sep-2021
  • Modified Date:16-Sep-2021
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center