[sudo-users] JSON import to sudoers
tfb at tfeb.org
Tue Nov 18 12:13:46 MST 2014
On 18 Nov 2014, at 18:10, Todd C. Miller <Todd.Miller at courtesan.com> wrote:
> Once we can parse JSON input into the parse tree that sudo expects,
> this begs the question as to whether it makes sense to just allow
> sudo to read a sudoers.json file directly.
That would be fine for me: I'd be happy with imposing a system which said that you could generate the JSON from a sudoers file but not print the JSON back to a flat sudoers file, so you'd do a once-off import and then live in a world where everything was JSON. I think such a thing could even be sold to the kind of 'enterprise' people who are worrying about sudoers audits, since JSON<->XML is trivial, and XML is something they'll like, so I could claim this was sudoers-in-XML.
In other words: JSON->parse tree would be fine as a first step (from my point of view), even if you can't print the sudoers file from it.
More information about the sudo-users