Bug 367

Summary: validating sudoers content
Product: Sudo
Reporter: Bdale Garbee <bdale>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: enhancement
Priority: low
Version: 1.7.2
Hardware: PC
OS: Linux
URL: http://bugs.debian.org/192522

Description Bdale Garbee 2009-08-31 14:57:56 MDT
One of the users of my Debian packaging of sudo pointed out a while back that a change in sudoers syntax or semantics at one point caused him to lose root access to a system he was in the process of upgrading, and he thus requested that I add a check to my packaging to validate the content of sudoers and abort the upgrade if it appears incompatible with the new sudo version being installed.

I suspect there's a way to do this reliably with the existing sudo options and exit codes, but it's not immediately obvious what the best approach would be?  What we want, I think, is just a "go/no-go" indication of whether sudo is going to run or error out when it reads and parses sudoers.  

Thoughts?

Bdale
Comment 1 Todd C. Miller 2009-08-31 15:06:34 MDT
You should be able to use "visudo -cf /etc/sudoers" to verify that the sudoers file parses correctly.  If you get back "/etc/sudoers: parsed OK", sudo should be able to parse the file.
Comment 2 Todd C. Miller 2010-06-18 16:51:43 MDT
Running "visudo -q -c" and checking the exit status should be sufficient.
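
The go/no-go check discussed in this thread, written as a gate for an upgrade script; this is an added example, not part of the bug report and not code from sudo or the Debian packaging. The names `VISUDO`, `SUDOERS`, `sudoers_go_nogo` and `abort_upgrade_unless_valid` are chosen for the example, and the result reflects the parser of whichever visudo binary is run.

```shell
#!/bin/sh
# Go/no-go gate built on the exit status of "visudo -q -c".
# VISUDO and SUDOERS are names chosen for this example; override them to
# point at a different visudo binary or sudoers file.
VISUDO=${VISUDO:-visudo}
SUDOERS=${SUDOERS:-/etc/sudoers}

# Returns 0 = go (file parses), 1 = no-go (parse error),
#         2 = could not check (file unreadable or visudo missing).
sudoers_go_nogo() {
    file=${1:-$SUDOERS}
    # A missing file or a missing checker is "unknown", never "OK".
    [ -r "$file" ] || return 2
    command -v "$VISUDO" >/dev/null 2>&1 || return 2
    # -c: check only, -q: suppress messages, -f: check this file.
    if "$VISUDO" -q -c -f "$file" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Wrapper for an upgrade script: anything other than "go" stops the upgrade.
# The "|| rc=$?" form keeps the status readable under "set -e".
abort_upgrade_unless_valid() {
    rc=0
    sudoers_go_nogo "${1:-}" || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "sudoers failed to parse; aborting upgrade" >&2 ;;
        *) echo "sudoers could not be checked; aborting upgrade" >&2 ;;
    esac
    return "$rc"
}
```

Called as `abort_upgrade_unless_valid || exit 1`, an unreadable file or a missing visudo stops the upgrade the same way a parse error does, so the gate fails closed.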