[sudo-workers] Feature request

Eric J. Wisti sudo-list at wisti.com
Tue Mar 17 23:52:40 EDT 2009


What about "= (ALL)   ^IALL" or other oddities that whitespace brings. 
I've been trying to emulate the parser for sudo and it seems that 80% of 
what I need is IN sudo now. I've looked for code via google and there 
isn't much out there. There are a number of people in my same situation. 
Seems like a tinker here and there and you'd have a great feature for 
sudo, since it's a key in many audit situations.

Another thing, is user xyz permitted root privs? Using grep (or perl), you 
need to look for all groups with (ALL) ALL or su - root or su - (without 
a trailing pattern) or su (without a trailing pattern). Those are the few 
I can think of. Then, you need to go back and check for any groups, 
netgroups, ldap, etc and see if they are used. Then you can finally check 
to see if user xyz has x command.

Since we are talking about a utility that permits root usage and audits 
need to know who has what, it seems like a big win and not too much coding 
(guess on my part).

I'm a minimalist. I'd prefer to not rewrite the sudoers parser in perl.... 
;)

Eric

> 
> If i'm not mistaken ...
>
> grep 'ALL = (ALL) ALL' /etc/sudoers | awk '{ print $1 }'
>
> would print all of the users and groups that are allowed full access.
> Although this wouldn't be enough for a PCI audit.  There could be include
> files, sub-permissions and potential other privileges that could be
> elevated.
>
