[sudo-users] JSON import to sudoers

Galen Johnson Galen.Johnson at sas.com
Wed Nov 19 14:45:17 MST 2014

I would've suggested YAML files over JSON but I think at that point it becomes a religious discussion.


From: sudo-users <sudo-users-bounces at courtesan.com> on behalf of Johnson Aaron <JohnsonAaron at JohnDeere.com>
Sent: Tuesday, November 18, 2014 2:23 PM
To: Tim Bradshaw; Todd C. Miller
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] JSON import to sudoers

I had the same thought... JSON would be a cleaner format to work with. It would be easier to maintain and manage as the sudoers file grows.

If visudo had the ability to parse JSON then it would make sense that JSON could serve as an alternative backend to sudo so that no conversion between formats is necessary.

This is exactly what I am looking for actually. A file format with strict data structuring would help enforce a clean sudoers file and make maintenanence, automation, cleanup, etc smarter and easier.

Aaron Johnson

-----Original Message-----
From: Tim Bradshaw [mailto:tfb at tfeb.org]
Sent: Tuesday, November 18, 2014 13:14 PM
To: Todd C. Miller
Cc: Johnson Aaron; sudo-users at sudo.ws
Subject: Re: [sudo-users] JSON import to sudoers

On 18 Nov 2014, at 18:10, Todd C. Miller <Todd.Miller at courtesan.com> wrote:

> Once we can parse JSON input into the parse tree that sudo expects,
> this begs the question as to whether it makes sense to just allow sudo
> to read a sudoers.json file directly.

That would be fine for me: I'd be happy with imposing a system which said that you could generate the JSON from a sudoers file but not print the JSON back to a flat sudoers file, so you'd do a once-off import and then live in a world where everything was JSON.  I think such a thing could even be sold to the kind of 'enterprise' people who are worrying about sudoers audits, since JSON<->XML is trivial, and XML is something they'll like, so I could claim this was sudoers-in-XML.

In other words: JSON->parse tree would be fine as a first step (from my point of view), even if you can't print the sudoers file from it.

sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list