[sudo-workers] Visudo pre/post hooks
Michael Grubb
sudo at dailyvoid.com
Tue Jul 5 17:45:49 EDT 2005
I would agree that is probably the better solution, however it is a
much more complicated solution, and there are many barriers to
implementing this in our environment.
On Jul 5, 2005, at 4:10 PM, Bob Proulx wrote:
> Michael Grubb wrote:
>
>> At my location we wanted to monitor/control changes to the sudoers
>> file.
>> This requirement gave birth to the attached patch.
>>
>
> I am sure the patch is useful. But my own opinion is that this would
> be better handled by checking the file into version control. Then you
> can use all of the existing hook script capabilities of the version
> control system to monitor and control changes to the sudoers file. No
> changes to sudo or visudo are required. This is what we do on our
> site and it works well. (We use 'visudo -c -f sudoers.tmp' in the
> hook script.)
>
> Bob
> ____________________________________________________________
> sudo-workers mailing list <sudo-workers at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-workers
>
>
>
More information about the sudo-workers
mailing list