[sudo-workers] sudo 1.8.23b2 released

Todd C. Miller Todd.Miller at sudo.ws
Fri Mar 30 06:31:02 MDT 2018

The second beta version of sudo 1.8.23 is now available.  In addition
to bug fixes, sudo 1.8.23 introduces the cvtsudoers utility which
can convert between sudoers formats and perform some basic filtering.


SHA256 checksum:
MD5 checksum:

Binary packages:

For a list of download mirror sites, see:

Sudo web site:

Sudo web site mirrors:

Major changes between sudo 1.8.23b2 and 1.8.23b1:

 * Fixed a bug on some systems where sudo could hang on command
   exit when I/O logging was enabled.  Bug #826.

 * The cvtsudoers utility has gained an option to control what type
   of Defaults entries are translated.

 * The sudoers.ldap manual now has a section on converting from
   file-based sudoers to LDAP-based.

Major changes between sudo 1.8.23b1 and 1.8.22:

 * PAM account management modules and BSD auto approval modules are
   now run even when no password is required.

 * For kernel-based time stamps, if no terminal is present, fall
   back to parent-pid style time stamps.

 * The new cvtsudoers utility replaces both the "sudoers2ldif" script
   and the "visudo -x" functionality.  It can read a file in either
   sudoers or LDIF format and produce JSON, LDIF or sudoers output.
   It is also possible to filter the generated output file by user,
   group or host name.

 * The file, ldap and sss sudoers backends now share a common set
   of formatting functions for "sudo -l" output, which is also used
   by the cvtsudoers utility.

 * The /run directory is now used in preference to /var/run if it
   exists. Bug #822.

 * More accurate descriptions of the --with-rundir and --with-vardir
   configure options.  Bug #823.

 * The setpassent() and setgroupent() functions are now used on systems
   that support them to keep the passwd and group database open.
   Sudo performs a lot of passwd and group lookups so it can be
   beneficial to avoid opening and closing the files each time.

 * The new case_insensitive_user and case_insensitive_group sudoers
   options can be used to control whether sudo does case-sensitive
   matching of users and groups in sudoers.  Case insensitive
   matching is now the default.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://www.sudo.ws/pipermail/sudo-workers/attachments/20180330/ac5fdb48/attachment.bin>

More information about the sudo-workers mailing list