[sudo-users] Distributed sudoers updates

David Ledger david.ledger at ivdcs.co.uk
Thu Feb 14 02:28:39 EST 2008


At 13:19 -0800 13/2/08, Bob Hall wrote:
>This may sound a little unorthodox from a security
>perspective, but we would like to be able to perform
>standardized updates of the sudoers file across
>multiple platforms and multiple OS's. One issue that
>has arisen is that some vendors do not use a
>standardized installation, so that the sudoers file
>may appear in locations other than under /etc. (An
>example is the HP-UX ixSudo bundle, which loads the
>sudoers file under /opt/iexpress/sudo/etc/.) This
>wouldn't be a problem for us if there was a
>command-line equivalent to visudo.
>
>Has anybody come up with a decent solution to this
>problem? We could possibly set the 'enveditor Default'
>in the sudoers file, allowing us to perform the edits
>using EDITOR=ex. But as the man page for visudo points
>out, this would open up a security hole.

You could use links. sudo won't work if its files are links, but the 
update may well do. Depends how you do the update.

David

-- 
David Ledger - Freelance Unix Sysadmin in the UK.
HP-UX specialist of hpUG technical user group (www.hpug.org.uk)
david.ledger at ivdcs.co.uk
www.ivdcs.co.uk
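
Added example, not part of the thread and not code from either poster: one way to push a sudoers file non-interactively is to locate the live file per platform, stage the candidate beside it, and install it only if visudo's check-only mode (`-c -f`) accepts it, which avoids the enveditor/EDITOR route the question mentions. The `VISUDO` and `SUDOERS_ROOT` variables and the function names are assumptions of this sketch, as is the file name `sudoers` under the HP-UX directory quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. VISUDO, SUDOERS_ROOT and the function
# names are assumptions made for this sketch.
VISUDO=${VISUDO:-visudo}        # validator binary; overridable for testing
SUDOERS_ROOT=${SUDOERS_ROOT:-}  # hypothetical path prefix for dry runs

# Print the live sudoers path for this host. The two directories are the ones
# named in the thread; a symlink is skipped, since the reply says sudo won't
# work if its files are links.
find_sudoers() {
    for dir in /etc /opt/iexpress/sudo/etc; do
        f="$SUDOERS_ROOT$dir/sudoers"
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Install candidate $1 over target $2 only if visudo's check-only mode accepts
# it. The copy is staged in the target's own directory so the final mv is a
# same-filesystem rename. The $$-suffixed name is predictable, which assumes
# that directory is writable by root alone.
install_sudoers() {
    candidate=$1 target=$2
    tmp="$target.new.$$"
    if ( umask 077 && cp "$candidate" "$tmp" ) && chmod 0440 "$tmp" &&
       "$VISUDO" -c -q -f "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Locate, validate, install. Exit status 2: no sudoers found; 1: rejected.
push_sudoers() {
    target=$(find_sudoers) || { echo "no sudoers file found" >&2; return 2; }
    install_sudoers "$1" "$target" || { echo "rejected: $1" >&2; return 1; }
}

if [ "$#" -eq 1 ]; then push_sudoers "$1"; fi
```

A rejected candidate leaves the existing sudoers file untouched and removes the staged copy.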


