[sudo-workers] Seeking input (patch for printing sudoers path)

Bob Proulx bob at proulx.com
Fri Jul 14 12:32:57 EDT 2006


Barron, Danny wrote:
> I work in a very large datacenter environment with multiple clients.
> Due to an inherent level of confusion, it would be advantageous to add a
> line to sudo -V (as root), to print out what the path to sudoers is.
> Sometimes we have several copies (I know it shouldn't happen...but too
> many fingers in the pot)...and well you see.

I think it would be reasonable to see the path to the sudoers config
file but I don't think it should be part of -V which by convention
should print out the version string and perhaps a copyright message.
I think printing out compilation information is doing too much there.

What I do to track the config file is this:

  $ strings $(type -p sudo) | grep /sudoers
  /etc/sudoers

Perhaps that is enough?

> I think my meagre C skills are quite adequate for this...and I'll gladly
> submit a patch shortly...what I was wondering was, does any one perceive
> this as a security problem?

That information is already available.  There should be no new
security issues created by this.  From that point of view it should be
fine.

Bob



More information about the sudo-workers mailing list