[sudo-workers] Adding a second sysconfdir
Jason Sikes
jsikes at suse.com
Fri Feb 10 00:30:20 MST 2023
Todd,
This looks great!
I really appreciate the work that you have done on this. I wasn't
expecting it.
Funny thing is that in an earlier iteration I kind of did the same thing
except that I did the multiple paths from the start, without
"distconfdir". So one could have multiple configuration paths by specifying:
$ ./configure --sysconfdir=/etc:/usr/etc
But my colleague who knows more about Autoconf than me said "no".
Anyway, this is excellent!
--Thank you,
--Jason
On 2/9/23 12:46, Todd C. Miller wrote:
> On Wed, 01 Feb 2023 14:11:43 -0700, "Todd C. Miller via sudo-workers" wrote:
>
>> Another option would be to make _PATH_SUDOERS, _PATH_SUDO_CONF, and
>> _PATH_SUDO_LOGSRVD_CONF a colon-separated list of path. For example,
>> if distconfdir is set this could be "/etc/sudoers:/usr/etc/sudoers".
>> Then the functions that open the configuration file would simply
>> choose the first file in the list that exists.
>>
>> This seems like a more general solution to me.
> Here is a (large) patch that implements configuration paths in sudo
> and adds support for distconfdir, as I understand it.
>
> For visudo, if there is no sysconfdir sudoers file but the distconfdir
> version exists, the distconfdir version is edited and installed in
> sysconfdir. There is a minor issue in visudo where syntax errors
> in the distconfdir file will be reported with the file name of the
> sysconfdir version but that is fairly minor and the distconfdir
> sudoers file should not contain errors in the first place.
>
> This feature will not make sudo 1.9.13 but it should be possible
> to include it in 1.9.14.
>
> - todd
More information about the sudo-workers
mailing list