[sudo-workers] Visudo pre/post hooks

Michael Grubb sudo at dailyvoid.com
Tue Jul 5 17:45:49 EDT 2005


I would agree that is probably the better solution, however it is a  
much more complicated solution, and there are many barriers to  
implementing this in our environment.

On Jul 5, 2005, at 4:10 PM, Bob Proulx wrote:

> Michael Grubb wrote:
>
>> At my location we wanted to monitor/control changes to the sudoers  
>> file.
>> This requirement gave birth to the attached patch.
>>
>
> I am sure the patch is useful.  But my own opinion is that this would
> be better handled by checking the file into version control.  Then you
> can use all of the existing hook script capabilities of the version
> control system to monitor and control changes to the sudoers file.  No
> changes to sudo or visudo are required.  This is what we do on our
> site and it works well.  (We use 'visudo -c -f sudoers.tmp' in the
> hook script.)
>
> Bob
> ____________________________________________________________
> sudo-workers mailing list <sudo-workers at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-workers
>
>
>




More information about the sudo-workers mailing list