[sudo-workers] Adding a second sysconfdir
Jason Sikes
jsikes at suse.com
Thu Dec 15 20:35:53 MST 2022
Hi All,

Currently we are working on a distribution of Linux that has the '/usr'
directory mounted read-only. A part of this change is to put the
configuration files provided by the Linux distribution into the /usr/etc
directory.

The system administrator then can put their configuration files, if
needed, into the /etc directory.

I have patched GNU Autoconf to provide an optional configuration
parameter: "distconfdir". This is similar to "sysconfdir" except it is
for configuration files provided by the distributor. In our case, the
configure option would read "--distconfdir=/usr/etc". The use of
"sysconfdir" will remain unchanged.

What we propose:

I am working on a patch so that when sudo is configured and built, the
build environment will accept the distconfdir parameter. Then during
execution, if that parameter exists, sudo will first try to open
/etc/sudoers, and if that fails then try to open /usr/etc/sudoers.

If the distconfdir parameter doesn't exist, then sudo's behavior is
unchanged.

One way that I might implement this is that the variable "sudoers_file"
will be assigned whichever file path successfully opens.

For visudo, we would have it try to read the sudoers file in the same
order as above but always write to the /etc directory.

Do you have thoughts or suggestions about this? I would like to hear
your opinions.

--Thank you,
--Jason