[sudo-workers] Adding a second sysconfdir
Todd C. Miller
Todd.Miller at sudo.ws
Thu Feb 9 13:46:46 MST 2023
On Wed, 01 Feb 2023 14:11:43 -0700, "Todd C. Miller via sudo-workers" wrote:
> Another option would be to make _PATH_SUDOERS, _PATH_SUDO_CONF, and
> _PATH_SUDO_LOGSRVD_CONF a colon-separated list of path. For example,
> if distconfdir is set this could be "/etc/sudoers:/usr/etc/sudoers".
> Then the functions that open the configuration file would simply
> choose the first file in the list that exists.
>
> This seems like a more general solution to me.
Here is a (large) patch that implements configuration paths in sudo
and adds support for distconfdir, as I understand it.
For visudo, if there is no sysconfdir sudoers file but the distconfdir
version exists, the distconfdir version is edited and installed in
sysconfdir. There is a minor issue in visudo where syntax errors
in the distconfdir file will be reported with the file name of the
sysconfdir version but that is fairly minor and the distconfdir
sudoers file should not contain errors in the first place.
This feature will not make sudo 1.9.13 but it should be possible
to include it in 1.9.14.
- todd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo-config-path-distconfdir.patch
Type: text/x-patch
Size: 60025 bytes
Desc: not available
URL: <http://www.sudo.ws/pipermail/sudo-workers/attachments/20230209/41504744/attachment.bin>
More information about the sudo-workers
mailing list