[sudo-workers] Visudo pre/post hooks

Bob Proulx bob at proulx.com
Tue Jul 5 17:10:44 EDT 2005


Michael Grubb wrote:
> At my location we wanted to monitor/control changes to the sudoers file.
> This requirement gave birth to the attached patch.

I am sure the patch is useful.  But my own opinion is that this would
be better handled by checking the file into version control.  Then you
can use all of the existing hook script capabilities of the version
control system to monitor and control changes to the sudoers file.  No
changes to sudo or visudo are required.  This is what we do on our
site and it works well.  (We use 'visudo -c -f sudoers.tmp' in the
hook script.)

Bob



More information about the sudo-workers mailing list