[sudo-users] Using #includedir /etc/sudoers.d

Shawn McMahon syberghost at gmail.com
Sat Nov 10 17:24:41 EST 2012

includedir was added in 1.7.2.

Also, every version you list there has at least one security issue that is
fixed in a later version, although it's possible your vendor has backported
the fix(es). (If that 1.7.4p5 is RedHat or CentOS, for instance, it
probably includes everything.)

You will end up reaching the same conclusion my company did; that if you
want a consistent configuration strategy, you need a consistent version, or
at least a consistent "minimum" version. We ended up packaging our own. You
could probably throw a 1.7.10p3 on all the pre-1.7.2 boxes and manage a
consistent config, although I'd recommend doing it to even the 1.7.2 boxes
because 1.7.3 added LOG_OUTPUT, which is very useful.

On Fri, Nov 9, 2012 at 5:10 PM, Drew Skinner <drewsk at gmail.com> wrote:

> Hi;
> I have to run an update of sudo configs to about 2000 Linux hosts and 1000
> Solaris hosts
> I'm not worried about the Solaris at all.
> First, I do not want to patch or install a new version of sudo anywhere,
> our systems are patched centrally and I don't want to make any changes to
> them via patching or upgrading.
> What i'd like to know is when specifically the includedir became available
> and if there are versions of it I should avoid. A quick scan of the
> environment gave me the following versions of sudo installed:
> 1.6.5p2
> 1.6.7p5
> 1.6.8p12
> 1.6.9p4
> 1.6.9p23
> 1.7.2p1
> 1.7.4p5
> I'll be writing a script to push some changes; for those versions that
> don't support it, I'll default to another method.
> Appreciate your replies in advance,
> Thanks,
> Drew.
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list