[sudo-users] Ignore malformed sudoers in /etc/sudoers.d?

Armin Kunaschik megabreit at googlemail.com
Thu Apr 14 09:54:48 EDT 2011


Hi all,

I like the "new" feature to include a whole directory of sudoers into
the main sudoers file.
But there was always the problem that one malformed entry will
invalidate the whole sudoers.
This did not change... even if there are more sudoers files in /etc/sudoers.d.
It would be a great feature, if there are more sudoers in /etc/sudoers.d,
and one file has malformed entries, to just ignore the specific file...
not the whole resulting sudoers file.

This is probably easy to implement (just check every file in sudoers.d
before checking the resulting file)
and (optional) ignore the broken file completely.

There are several ways this would improve manageability of multiple
sudoers (even with local and LDAP ones)
and still have minimum local permissions e.g. in case of a disaster.

Are there any drawbacks/errors in this idea? Any disadvantages?
Is this the right place to ask for the implementation of such a feature?

Let's discuss :-)
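
The per-file check proposed in the message above, as an added example that is not part of the original post and not sudo's own code: each drop-in is checked on its own with `visudo -c -q -f`, and a broken one is renamed so that `#includedir`, which skips names ending in `~` or containing a `.`, no longer reads it. The function names, the `.broken` suffix and the `SUDOERS_CHECK` variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check of sudoers drop-ins, one file at a time.
# SUDOERS_CHECK (hypothetical name) is the command used to syntax-check a
# single file; the default runs visudo in check-only, quiet mode on that file.
: "${SUDOERS_CHECK:=visudo -c -q -f}"

# Print the path of every drop-in in directory $1 that fails the check.
# Returns 0 when all checked files are clean, 1 when at least one is broken.
find_broken_dropins() {
    dir=$1
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # #includedir skips names ending in '~' or containing '.', so
        # those files never reach the parser and are not checked here.
        case $name in *~|*.*) continue ;; esac
        if ! $SUDOERS_CHECK "$f" >/dev/null 2>&1; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return $rc
}

# Rename each broken drop-in to NAME.broken. The added '.' makes
# #includedir skip it, so the remaining files still load.
quarantine_broken_dropins() {
    find_broken_dropins "$1" | while IFS= read -r f; do
        mv -- "$f" "$f.broken"
    done
}
```

Run `find_broken_dropins /etc/sudoers.d` from a deployment job to report only; `quarantine_broken_dropins` needs write access to the directory and should be followed by a plain `visudo -c` on the main file.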


