[sudo-users] bypassing visudo...
jw at raven.inka.de
Tue Apr 4 16:42:02 EDT 2006
Documentation states that one should never bypass visudo. But what
about hosts that are mostly administered automatically (e.g. via
cfengine)? AFAICS, there's no (official) way to install/change the
sudoers file without going through an editor. crontab(1), for example,
can install from a pregenerated temporary file or from stdin. And cron
will happily eat any files that are thrown into /etc/cron.d.
Is the visudo restriction a serious one? Or can I ignore it as long as I
can guarantee that:
- only one process edits sudoers at a time
- syntax of the new file is correct.
More information about the sudo-users