[sudo-users] bypassing visudo...

Galen Johnson Galen.Johnson at sas.com
Tue Apr 4 16:51:26 EDT 2006

I would say that as long as the initial edit of the file goes through visudo, you should be ok pushing that file to your servers.  The primary reason that you don't want to bypass visudo is the error checking it does for you...if you're confident that your edits won't break sudo, then go for it but remember caveat emptor...or something like that. 

-----Original Message-----
From: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Josef Wolf
Sent: Tuesday, April 04, 2006 4:42 PM
To: sudo-users at sudo.ws
Subject: [sudo-users] bypassing visudo...


Documentation states that one should never bypass visudo.  But what
about hosts that are mostly administered automatically (e.g. via
cfengine)?  AFAICS, there's no (official) way to install/change the
sudoers file without going through an editor.  crontab(1), for example,
can install from a pregenerated temporary file or from stdin.  And cron
will happily eat any files that are thrown into /etc/cron.d.

Is the visudo restriction a serious one?  Or can I ignore it as long as I
can guarantee that:
- only one process edits sudoers at a time
- syntax of the new file is correct.

sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list