[sudo-users] Parsing the sudoers file

Matthew Hannigan mlh at zip.com.au
Wed Nov 27 15:47:44 MST 2013


Wow Todd, that's fantastic.
Will there be an import as well?

Regards,
Matt


On Thu, Nov 28, 2013 at 8:00 AM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> On Mon, 23 Sep 2013 12:09:27 +0100, Tim Bradshaw wrote:
>
>> As a final comment on this thread, I think it would be an extremely
>> good thing if sudo had a mode which simply parses the sudoers file
>> and spits out the parse tree in some widely-known form: JSON would
>> be ideal I think, but some XML thing would be OK as well.  Then
>> some other application could walk the tree and make deductions from
>> it. That would avoid the problem of things that want to do this
>> having to reinvent sudo's parser, and getting it wrong (in all cases
>> that I've seen), with resulting possible security excitements.
>
> Visudo in sudo 1.8.9 now has an export mode that will output a
> sudoers file to JSON form to the standard output.  Sudo 1.8.9 is
> in beta now, see: http://www.sudo.ws/sudo/devel.html#1.8.9b1
>
> The output format is not yet documented, but it uses the same
> terminology as the sudoers manual.  It is intended to be more or
> less self-explanatory.  Unlike sudoers, there is little ambiguity
> (hopefully none) and the value type is listed explicitly.
>
> If you or anyone else has feedback to offer on this, I'd appreciate
> hearing it.
>
>  - todd
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users



-- 
m a t t h e w   l i n u s   h a n n i g a n


More information about the sudo-users mailing list