[sudo-users] Grouping Cmnd_Alias commands into one file?

Todd C. Miller Todd.Miller at courtesan.com
Thu Oct 6 08:43:54 MDT 2016

On Thu, 06 Oct 2016 10:10:08 -0400, Leam Hall wrote:

> Is it "best practice" or "bad idea" to put all Cmnd_Alias commands into 
> one file, say /etc/sudoers.d/cmnd_alias? Then you put each role's (user, 
> group, etc) allowed commands in their own file.

That seems reasonable.  It sounds like you are using Cmnd_Aliases
to define roles and then assigning the roles to users in separate
files.  The downside is that visudo does not check the files in
/etc/sudoers.d by default so you won't have as robust error checking.

 - todd

More information about the sudo-users mailing list