[sudo-workers] Seeking input (patch for printing sudoers path)
danny.barron at eds.com
Fri Jul 14 12:59:42 EDT 2006
Actually that was what I had advised administrative folks here to do
(use strings)...but it didn't seem something that it was likely would be
remembered how to do, more than a day or two. I'd really prefer
something that would be be a switch.
Ok, I would not think it of importance enough to add a new option, can
anyone think of a better place to possible wedge the information in ? I
also thought of the non-root -V (version information)
I have to always stop and think that they're not going to be as
technical as I am and that they manage more than 2000 unix machines....
From: Bob Proulx [mailto:bob at proulx.com]
Sent: Friday, July 14, 2006 11:33 AM
To: Barron, Danny
Cc: sudo-workers at sudo.ws
Subject: Re: [sudo-workers] Seeking input (patch for printing sudoers
Barron, Danny wrote:
> I work in a very large datacenter environment with multiple clients.
> Due to an inherent level of confusion, it would be advantageous to add
> a line to sudo -V (as root), to print out what the path to sudoers is.
> Sometimes we have several copies (I know it shouldn't happen...but too
> many fingers in the pot)...and well you see.
I think it would be reasonable to see the path to the sudoers config
file but I don't think it should be part of -V which by convention
should print out the version string and perhaps a copyright message.
I think printing out compilation information is doing too much there.
What I do to track the config file is this:
$ strings $(type -p sudo) | grep /sudoers
Perhaps that is enough?
> I think my meagre C skills are quite adequate for this...and I'll
> gladly submit a patch shortly...what I was wondering was, does any one
> perceive this as a security problem?
That information is already available. There should be no new security
issues created by this. From that point of view it should be fine.
More information about the sudo-workers