[sudo-users] sudo-users Digest, Vol 223, Issue 2

Mark Wilson mark.wilson at byu.edu
Thu Oct 6 11:20:38 MDT 2022


We've always used the "#includedir" option and placed additional sudoers files in the specified directory.  In this way, using "visudo" only opens the main "sudoers" file, and not any additional sudoers files.

The main sudoers file has the following in it, to specify the include directory:
#includedir /etc/sudoers.d

Example of additional files and their location:
/etc/sudoers.d/001_sudo_user_permissions
/etc/sudoers.d/090_sudo_default_customizations

-Mark Wilson
________________________________
From: sudo-users <sudo-users-bounces at sudo.ws> on behalf of sudo-users-request at sudo.ws <sudo-users-request at sudo.ws>
Sent: Wednesday, October 5, 2022 12:00 PM
To: sudo-users at sudo.ws <sudo-users at sudo.ws>
Subject: sudo-users Digest, Vol 223, Issue 2


Today's Topics:

   1. Re: visudo but don't open #include files? (Todd C. Miller)
   2. Re: visudo but don't open #include files? (Todd C. Miller)


----------------------------------------------------------------------

Message: 1
Date: Tue, 04 Oct 2022 14:27:42 -0600
From: "Todd C. Miller" <Todd.Miller at millert.dev>
To: Greg Gerke <Greg.Gerke at kyndryl.com>
Cc: "sudo-users at sudo.ws" <sudo-users at sudo.ws>
Subject: Re: [sudo-users] visudo but don't open #include files?
Message-ID: <61213900e33a54d0 at millert.dev>
Content-Type: text/plain; charset="us-ascii"

On Tue, 04 Oct 2022 13:34:44 -0000, Greg Gerke wrote:

> When I use visudo and go to update /etc/sudoers it always goes and opens each
> #include file that I've got. Is there a way to bypass this action? I've got
> some servers that have upwards of a dozen #include files and there's none of
> them I'd need to update and just end up doing a :q a dozen times.
>
> I've been trying to use visudo just to make sure I don't fat finger something
> in my haste to get in and get out but this action makes me think I should
> just be using a straight "vi /etc/sudoers" and double check before exiting...

There is currently no way to edit a sudoers file without also editing
the files it includes.  I could certainly add an option to ignore
includes, perhaps something like "visudo -I".

 - todd


------------------------------

Message: 2
Date: Tue, 04 Oct 2022 14:40:19 -0600
From: "Todd C. Miller" <Todd.Miller at millert.dev>
To: Greg Gerke <Greg.Gerke at kyndryl.com>
Cc: "sudo-users at sudo.ws" <sudo-users at sudo.ws>
Subject: Re: [sudo-users] visudo but don't open #include files?
Message-ID: <61213ba8fdb7e3c9 at millert.dev>
Content-Type: text/plain; charset="us-ascii"

On Tue, 04 Oct 2022 14:27:42 -0600, "Todd C. Miller" wrote:

> There is currently no way to edit a sudoers file without also editing
> the files it includes.  I could certainly add an option to ignore
> includes, perhaps something like "visudo -I".

What I have in mind is not to actually ignore includes, but to just
edit the main file and any include files that have a pre-existing
syntax error.

 - todd


------------------------------


End of sudo-users Digest, Vol 223, Issue 2
******************************************
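
How the "#includedir" layout from the top message is read, as an added example that is not part of the original thread: a Python sketch of sudo's documented include rules (accepted directive forms, lexical parse order, and skipping names that end in "~" or contain "."). The function names and the extra sample files are constructed for illustration; "%h" escapes and the ownership/mode checks sudo also applies are not modelled.

```python
import re
import tempfile
from pathlib import Path

# "#include" / "#includedir" and, since sudo 1.9.1, "@include" / "@includedir".
# "# include" (with a space after '#') is an ordinary comment and must not match.
DIRECTIVE = re.compile(r'^[ \t]*[#@](includedir|include)[ \t]+(.+?)[ \t]*$')

def included_files(sudoers_text, base_dir):
    """Return (read, skipped): files the directives pull in, in parse order,
    and files in an include directory that sudo ignores because of their name."""
    read, skipped = [], []
    for line in sudoers_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        # A relative path is resolved against the including file's directory.
        target = Path(base_dir, m.group(2).strip('"'))
        if m.group(1) == "include":
            read.append(target)
            continue
        # Directory entries are parsed in sorted lexical (not numeric) order.
        for entry in sorted(target.iterdir(), key=lambda p: p.name):
            if not entry.is_file():
                continue
            # Names ending in '~' or containing '.' are skipped, so editor
            # backups and package-manager leftovers never take effect.
            if entry.name.endswith("~") or "." in entry.name:
                skipped.append(entry)
            else:
                read.append(entry)
    return read, skipped

def demo():
    """Constructed layout: the two file names from the message plus edge cases."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp, "sudoers.d")
        d.mkdir()
        for name in ("090_sudo_default_customizations", "001_sudo_user_permissions",
                     "1_whoops", "10_second", "050_old.bak",
                     "001_sudo_user_permissions~"):
            (d / name).write_text("# constructed placeholder\n")
        main = f"Defaults env_reset\n# include is only a comment\n#includedir {d}\n"
        read, skipped = included_files(main, tmp)
        return [p.name for p in read], sorted(p.name for p in skipped)

if __name__ == "__main__":
    print(demo())
```

The skipped list is the part worth reviewing on a real host: a rule file saved as "something.conf" in the include directory is silently ignored, and "1_whoops" sorts after "10_second" because the order is lexical.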

