[sudo-workers] sudo 1.7.2b1 available

Todd C. Miller Todd.Miller at courtesan.com
Fri Jun 12 09:32:01 EDT 2009

The first beta version of sudo 1.7.2 is now available.

Download links:

Major changes between sudo 1.7.1 and 1.7.2b1:

 * A new #includedir directive is available in sudoers.  This can be
   used to implement an /etc/sudo.d directory.  Files in an includedir
   are not edited by visudo unless they contain a syntax error.

 * A setenv() compatibility fix for Linux systems, where a NULL
   value is treated the same as an empty string.

 * When doing password and group database lookups, sudo will only
   cache an entry by name or by id, depending on how the entry was
   looked up.  Previously, sudo would cache by both name and id
   from a single lookup, but this breaks sites that have multiple
   password or group database names that map to the same uid or

 * The -g option did not work properly when only setting the group
   (and not the user).  Also, in -l mode the wrong user was displayed
   for sudoers entries where only the group was allowed to be set.

 * BSM audit fixes when changing to a non-root uid.

 * User and group names in sudoers may now be enclosed in double
   quotes to avoid having to escape special characters.

 * Experimental non-Unix group support.  Currently only works with
   Quest Authorization Services and allows Active Directory groups
   to be specified in sudoers.

 * Portability fixes for Minix-3.

 * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
   paths may be specified as a directory or a file.  However, version
   5.0 of the SDK only appears to support using a directory (despite
   documentation to the contrary).  If SSL client initialization
   fails and the certificate or key paths look like they could be
   default file name, strip off the last path element and try again.

More information about the sudo-workers mailing list