[sudo-workers] Seeking input (patch for printing sudoers path)

[Barron, Danny]

Actually that was what I had advised administrative folks here to do
(use strings)...but it didn't seem something that it was likely would be
remembered how to do, more than a day or two.  I'd really prefer
something that would be be a switch.
Ok, I would not think it of importance enough to add a new option, can
anyone think of a better place to possible wedge the information in ?  I
also thought of the non-root -V (version information) 
I have to always stop and think that they're not going to be as
technical as I am and that they manage more than 2000 unix machines....

-----Original Message-----
From: Bob Proulx [mailto:bob at proulx.com] 
Sent: Friday, July 14, 2006 11:33 AM
To: Barron, Danny
Cc: sudo-workers at sudo.ws
Subject: Re: [sudo-workers] Seeking input (patch for printing sudoers
path)

Barron, Danny wrote:
> I work in a very large datacenter environment with multiple clients.
> Due to an inherent level of confusion, it would be advantageous to add

> a line to sudo -V (as root), to print out what the path to sudoers is.
> Sometimes we have several copies (I know it shouldn't happen...but too

> many fingers in the pot)...and well you see.

I think it would be reasonable to see the path to the sudoers config
file but I don't think it should be part of -V which by convention
should print out the version string and perhaps a copyright message.
I think printing out compilation information is doing too much there.

What I do to track the config file is this:

  $ strings $(type -p sudo) | grep /sudoers
  /etc/sudoers

Perhaps that is enough?

> I think my meagre C skills are quite adequate for this...and I'll 
> gladly submit a patch shortly...what I was wondering was, does any one

> perceive this as a security problem?

That information is already available.  There should be no new security
issues created by this.  From that point of view it should be fine.

Bob