[sudo-users] Parsing the sudoers file

Todd C. Miller Todd.Miller at courtesan.com
Wed Nov 27 14:00:51 MST 2013

On Mon, 23 Sep 2013 12:09:27 +0100, Tim Bradshaw wrote:

> As a final comment on this thread, I think it would be an extremely
> good thing if sudo had a mode which simply parses the sudoers file
> and spits out the parse tree in some widely-known form: JSON would
> be ideal I think, but some XML thing would be OK as well.  Then
> some other application could walk the tree and make deductions from
> it. That would avoid the problem of things that want to do this
> having to reinvent sudo's parser, and getting it wrong (in all cases
> that I've seen), with resulting possible security excitements.

Visudo in sudo 1.8.9 now has an export mode that will output a
sudoers file to JSON form to the standard output.  Sudo 1.8.9 is
in beta now, see: http://www.sudo.ws/sudo/devel.html#1.8.9b1

The output format is not yet documented, but it uses the same
terminology as the sudoers manual.  It is intended to be more or
less self-explanatory.  Unlike sudoers, there is little ambiguity
(hopefully none) and the value type is listed explicitly.

If you or anyone else has feedback to offer on this, I'd appreciate
hearing it.

 - todd

More information about the sudo-users mailing list