On Thu, Jul 01, 2021 at 07:59:51AM +0200, Marc Haber wrote: > I cringe at the necessity of using strace to obtain vital debugging > information. Would it be worth to make an upstream withlist request for > debugging output of this string so that stracing sudo unnecessary? It is > quite hard to strace an suid binary.
Intuiting how shells evaluate their syntax and turn the result into parameters for execve calls is fundamental Unix knowledge, and the system must expect a user to grok that. Also, it's not even difficult, except for the odd beginner's mistake. Maybe the manpage could emphasize a tick more that no shell expansion is done on sudoers rules (despite some wildcard expansion which may lead to confusion). But other than that I don't think anything should be done here. People just have to either read the error messages, study the docs harder/closer or suggest how they could be improved/say what confuses them. Regards, Dennis.
