[sudo-users] How to test sudoers before deployment?
bob at proulx.com
Sun Jan 9 13:15:35 EST 2005
Todd C. Miller wrote:
> You may find the testsudoers program useful. It is really more of
> a developement tool for the parser but it does allow you to specify
> a sudoers file and check commands based on user and host.
> You can add "testsudoers" to the PROGS variable in the Makefile or
> just do "make testsudoers" to build it.
Yes! That is very much useful to me in this context. Thanks for that
hint. I can wrap it for my purposes from something that tests the
parser to something that gives me a Yes/No answer about whether access
is provided or not. Although for automated testing the return code is
For the mail archive, I am able to script something very similar to
this to build up a regression test for my changes.
user=bob host=dementia cmd=/usr/bin/foo sudoers=./sudoers \
testsudoers $user $host $cmd < $sudoers \
| grep -q 'cmnd_match : 1' && echo Yes || echo No
More information about the sudo-users