[sudo-workers] Error/Warning word in visudo output
Todd C. Miller
Todd.Miller at courtesan.com
Tue Feb 21 11:00:11 MST 2017
On Tue, 21 Feb 2017 04:48:32 -0500, Tomas Sykora wrote:
> No, we don't have any customer complaining about this, we haven't
> shipped this new sudo yet. But still we think this is a regression
> to worse and it would be nice to have this information in the output
> message. For example if user ran 'visudo -s -c' (with the older
> sudo version) with bad cofiguration in sudoers, it gives Error in
> output, but running 'visudo -c' gives just Warning with the same
> configutation. Currently visudo gives the same output in both cases.
> Although 'visudo -c' gives extra message '/etc/sudoers: parsed OK',
> but I think it's not clear if it's considered as Error or Warning
> in the strict mode (when user doesn't open visudo but just checks
> it with 'visudo -s -c').
By definition, in strict mode there are no warnings--everything is
an error. My reasoning was that since you know whether you are
runing in strict mode or not, the warning vs. error prefix was
extraneous. I'm willing to be convinced otherwise, though.
I also had some trouble deciding where the warning/error text would
go now that the message includes file and line number information.
Perhaps it is simplest to just replace the "visudo:" prefix with
"Warning:" or "Error:".
- todd
More information about the sudo-workers
mailing list