Request for enhancement plus enhancement for sudoers-lint available

Herbert Wengatz Herbert.Wengatz at partner.bmw.de
Tue May 20 07:02:26 EDT 2003


Hi there!

Although "sudo" is by now a very well-known and established tool in
the *nix community, IMHO it still lacks at least one important feature:

The possibility to enter "end-dates" for validity and to check them and
disable them, too.

Todd, since you seem to be refurbishing the parser, you may as well introduce this
feature, too. It would be a great help. Very often we have some guys here
that need sudo permissions 'for only a couple of days or weeks' and can't precisely
say for how long. We usually give them a couple of weeks more than they request,
but since it has no effect on their account when the time has run out, we believe
that this may become a problem. At least for us, cleaning up the files manually
every now and then.

It would be absolutely great if one could enter an "enddate" and sudo would
simply stop working for that account at that time.


Anyway, is anybody interested in a slightly enhanced version of 'sudoers-lint'?

We use sh-like comments in the sudoers file, which lead to some problems
in parsing the command aliases. I fixed that, as well as the fact that
'negations' in the file lead to some problems, too.

The lines look like this:

account host=permissions # enddate + some more comments

or like:

account hostalias=permission,!permission # enddate + comments

My version of sudoers-lint can handle that. :-)

-- 
Mit freundlichen Gruessen, / With kind regards,

Herbert Wengatz


Herbert Wengatz                        mailto:Herbert.Wengatz at Partner.BMW.de
CC CompuNet fuer BMW FZ-441            Hoerselbergstr. 7
Serverbetrieb Sun Solaris              D-81677 Muenchen
Unix is the only operating system, where 'more magic' is a valid command.
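
[Added example, not part of the original message and not the author's sudoers-lint.] A minimal audit of the "rule # enddate + comments" convention described above, reporting rules whose end date has passed or cannot be parsed. It assumes the end date is written as YYYY-MM-DD and that each rule sits on one line; the message specifies neither, and the function name and sample entries are made up for illustration.

```python
import re
from datetime import date

# Assumption: the end date is written as YYYY-MM-DD in the trailing comment;
# the original message does not say which date format is used.
DATE_RE = re.compile(r"\b(\d{4})-(\d{2})-(\d{2})\b")
# A '#' directly followed by a digit is a uid/gid reference such as (#0),
# not a comment, so it must not end the rule.
COMMENT_RE = re.compile(r"#(?!\d)")

# Constructed sample input, not taken from the original message.
SAMPLE = """\
# temporary grants carry an end date in the trailing comment
#includedir /etc/sudoers.d
alice  web01=/usr/bin/systemctl restart httpd   # 2003-06-30 ticket 4711
bob    DBHOSTS=/usr/sbin/lsof,!/bin/su          # 2003-04-15 temporary
carol  ALL=(#0) /usr/bin/id                     # 2003-02-31 typo in date
dave   ALL=/usr/bin/less /var/log/messages
"""

def audit_end_dates(text, today):
    """Return (lineno, account, status, date_text) for expired or unparsable end dates."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = COMMENT_RE.search(raw)
        if m is None:
            continue                      # rule without a comment: no end date
        rule, comment = raw[:m.start()].strip(), raw[m.end():]
        if not rule:
            continue                      # pure comment or #include directive
        d = DATE_RE.search(comment)
        if d is None:
            continue                      # comment carries no end date
        account = rule.split()[0]
        try:
            end = date(*map(int, d.groups()))
        except ValueError:
            findings.append((lineno, account, "invalid-date", d.group(0)))
            continue
        if end < today:                   # the end date itself is still valid
            findings.append((lineno, account, "expired", d.group(0)))
    return findings

if __name__ == "__main__":
    for finding in audit_end_dates(SAMPLE, date(2003, 5, 20)):
        print(*finding)
```

Run from cron, a report like this replaces the manual cleanup pass; it does not stop sudo from honouring an expired rule.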



