[sudo-users] How to test sudoers before deployment?

Bob Proulx bob at proulx.com
Sun Jan 9 13:15:35 EST 2005


Todd C. Miller wrote:
> You may find the testsudoers program useful.  It is really more of
> a development tool for the parser but it does allow you to specify
> a sudoers file and check commands based on user and host.
> 
> You can add "testsudoers" to the PROGS variable in the Makefile or
> just do "make testsudoers" to build it.

Yes!  That is very much useful to me in this context.  Thanks for that
hint.  I can wrap it for my purposes from something that tests the
parser to something that gives me a Yes/No answer about whether access
is provided or not.  Although for automated testing the return code is
more useful.

For the mail archive, I am able to script something very similar to
this to build up a regression test for my changes.

  # Set the variables on their own line so the shell expands them below.
  user=bob host=dementia cmd=/usr/bin/foo sudoers=./sudoers
  testsudoers "$user" "$host" "$cmd" < "$sudoers" \
  | grep -q 'cmnd_match : 1' && echo Yes || echo No

Thanks!
Bob
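
Added example, not part of the original message or of the sudo distribution: the one-liner above turned into a table-driven regression check that exits non-zero on any mismatch, including "no" cases so that an over-broad rule is caught. The `TESTSUDOERS` variable, the function names and the case-table format are assumptions made for this sketch; only the `testsudoers user host cmd < sudoers` call and the `cmnd_match : 1` pattern come from the thread.

```shell
#!/bin/sh
# Hypothetical override so the harness can point at a freshly built ./testsudoers.
TESTSUDOERS=${TESTSUDOERS:-testsudoers}

# allowed USER HOST CMD SUDOERS_FILE
# Exit 0 only if testsudoers reports a command match for this tuple.
allowed() {
    "$TESTSUDOERS" "$1" "$2" "$3" < "$4" 2>/dev/null \
        | grep -q 'cmnd_match : 1'
}

# run_cases SUDOERS_FILE
# Reads "user host cmd yes|no" lines from stdin (cmd without spaces),
# skipping blank lines and '#' comments.
# Returns 0 if every expectation holds, 1 on any mismatch, and 2 if the
# tool or the sudoers file is missing. Without that last check a missing
# binary would make every "no" case pass silently.
run_cases() {
    sudoers=$1
    failures=0
    command -v "$TESTSUDOERS" >/dev/null 2>&1 || {
        echo "error: $TESTSUDOERS not found" >&2; return 2; }
    [ -r "$sudoers" ] || {
        echo "error: cannot read $sudoers" >&2; return 2; }
    while read -r user host cmd expect; do
        case $user in ''|'#'*) continue ;; esac
        if allowed "$user" "$host" "$cmd" "$sudoers"; then
            got=yes
        else
            got=no
        fi
        if [ "$got" != "$expect" ]; then
            echo "FAIL: $user@$host $cmd: expected $expect, got $got" >&2
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}
```

Feed it a case table on stdin, for example `run_cases ./sudoers < cases.txt`, and gate deployment of the sudoers file on its exit status.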


