[sudo-users] bypassing visudo...

Josef Wolf jw at raven.inka.de
Tue Apr 4 16:42:02 EDT 2006


Documentation states that one should never bypass visudo.  But what
about hosts that are mostly administered automatically (e.g. via
cfengine)?  AFAICS, there's no (official) way to install/change the
sudoers file without going through an editor.  crontab(1), for example,
can install from a pregenerated temporary file or from stdin.  And cron
will happily eat any files that are thrown into /etc/cron.d.

Is the visudo restriction a serious one?  Or can I ignore it as long as I
can guarantee that:
- only one process edits sudoers at a time
- syntax of the new file is correct.

More information about the sudo-users mailing list