[sudo-users] Parsing the sudoers file
Todd C. Miller
Todd.Miller at courtesan.com
Wed Nov 27 14:00:51 MST 2013
On Mon, 23 Sep 2013 12:09:27 +0100, Tim Bradshaw wrote:
> As a final comment on this thread, I think it would be an extremely
> good thing if sudo had a mode which simply parses the sudoers file
> and spits out the parse tree in some widely-known form: JSON would
> be ideal I think, but some XML thing would be OK as well. Then
> some other application could walk the tree and make deductions from
> it. That would avoid the problem of things that want to do this
> having to reinvent sudo's parser, and getting it wrong (in all cases
> that I've seen), with resulting possible security excitements.
Visudo in sudo 1.8.9 now has an export mode that will output a
sudoers file to JSON form to the standard output. Sudo 1.8.9 is
in beta now, see: http://www.sudo.ws/sudo/devel.html#1.8.9b1

The output format is not yet documented, but it uses the same
terminology as the sudoers manual. It is intended to be more or
less self-explanatory. Unlike sudoers, there is little ambiguity
(hopefully none) and the value type is listed explicitly.

If you or anyone else has feedback to offer on this, I'd appreciate
hearing it.

- todd