Bugzilla – Full Text Bug Listing
| Summary: | Conflicting Permissions Checks | | |
|---|---|---|---|
| Product: | Sudo | Reporter: | hummdis |
| Component: | Visudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | | |
| Severity: | low | | |
| Priority: | low | | |
| Version: | 1.8.27 | | |
| Hardware: | All | | |
| OS: | All | | |
Description
hummdis
2021-11-05 14:01:02 MDT
This is documented under the description of the -c option:
If the path to the sudoers file was not specified, visudo will also check the file owner and mode.
This allows "visudo -c" to be used to validate the syntax for uninstalled files, such as those checked in to a revision control system.
I certainly missed that one. Given that some systems break when the permissions are not exactly 0440 (the deployment had set the files in /etc/sudoers.d/ to 0755), do you have suggestions as to how we can test and validate on a per-file basis, since the "visudo -cs" would only work after the files are in place and thus 'sudo' access is now damaged?

I think what is needed are some extra options, something like --check-perms and --check-owner.

The following commit adds -O and -P options to visudo to enable ownership and/or permission checks which can be used with the -c option.
https://www.sudo.ws/repos/sudo/rev/1f20721148b0

Wow! Thank you! I honestly didn't expect this, but I appreciate it and will certainly look forward to this being out in all of the repos! I'm sure it'll make everyone's lives easier. Thanks, again! I'll mark 'Resolved' and 'Fixed.' Cheers!
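
For the per-file validation asked about in this thread, a pre-install gate can check a staged fragment's mode, owner and syntax before it is copied into /etc/sudoers.d/. This is an added example, not part of the bug thread or of sudo itself; the function names, the script name and the uid 0 owner requirement are assumptions.

```shell
#!/bin/sh
# Added example: pre-install checks for a staged sudoers.d fragment.
# Mode 0440 comes from the thread; requiring owner uid 0 is an assumption.
REQUIRED_MODE=0440
REQUIRED_UID=0

# True only if FILE is a regular file whose permission bits are exactly REQUIRED_MODE.
mode_ok() {
    [ -n "$(find "$1" -prune -type f -perm "$REQUIRED_MODE" 2>/dev/null)" ]
}

# True only if FILE is a regular file owned by REQUIRED_UID.
owner_ok() {
    [ -n "$(find "$1" -prune -type f -user "$REQUIRED_UID" 2>/dev/null)" ]
}

# Syntax-only check: with an explicit path, "visudo -c" skips owner/mode checks.
# Returns 2 when visudo is not installed, so "not checked" is never read as "valid".
syntax_ok() {
    command -v visudo >/dev/null 2>&1 || return 2
    visudo -cf "$1" >/dev/null 2>&1 || return 1
}

# All checks on one file: 0 = safe to install, 1 = rejected, 2 = visudo missing.
check_fragment() {
    mode_ok "$1"  || { echo "$1: mode is not $REQUIRED_MODE" >&2; return 1; }
    owner_ok "$1" || { echo "$1: not owned by uid $REQUIRED_UID" >&2; return 1; }
    syntax_ok "$1"
    case $? in
        0) return 0 ;;
        2) echo "visudo not found, syntax not checked" >&2; return 2 ;;
        *) echo "$1: sudoers syntax error" >&2; return 1 ;;
    esac
}

# Check every file given; fail if any one of them is not safe to install.
check_all() {
    rc=0
    for f in "$@"; do check_fragment "$f" || rc=1; done
    return "$rc"
}

# Usage: sh check-sudoers.sh staging/sudoers.d/*
[ "$#" -eq 0 ] || check_all "$@"
```

On a visudo that includes the commit linked in the thread, the -O and -P options can be combined with -c so that visudo performs the owner and mode checks itself.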