Bug 618

Summary: Ignore drop-in sudoer files with syntax errors rather than breaking everything
Product: Sudo
Reporter: bugzilla
Component: Sudoers
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: low    
Version: 1.8.7   
Hardware: PC   
OS: All   

Description bugzilla 2013-10-28 13:07:41 MDT
Installing a drop-in file with a syntax error to /etc/sudoers.d causes all sudo functionality to break. It might be better to just print out a warning message and ignore any drop-in file that has a syntax error.
Comment 1 Todd C. Miller 2013-11-11 15:37:03 MST
To do this safely the sudoers.d data would have to be journaled instead of applied as the file is read.  If the file parsed OK the journal would then be replayed.  That way the sudoers.d file is either applied completely or not at all.
Comment 2 Todd C. Miller 2020-09-21 08:33:41 MDT
Sudo 1.9.3 will now recover from syntax errors, ignoring the line with the error.
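
The two behaviours discussed in Comment 1 (journal the drop-in, replay only if it parses) and Comment 2 (skip the line with the error), as an added sketch that is not sudo's code. The one-line rule grammar, the function names and the sample data are assumptions made for illustration; real sudoers syntax is far richer.

```python
import re

# Toy stand-in for sudoers syntax (assumption): "<user> <host> = <cmd>[, <cmd>...]".
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(.+)$")

# Constructed sample data: a base policy and a drop-in whose line 2 lacks "=".
BASE = [("root", "ALL", ("ALL",))]
DROPIN = (
    "alice ALL = /usr/bin/systemctl restart nginx\n"
    "bob ALL /usr/bin/id\n"
    "carol ALL = /usr/bin/journalctl\n"
)

def parse_line(line):
    """Return a (user, host, commands) rule, None for a blank line, or raise ValueError."""
    text = line.strip()
    if not text:
        return None
    m = RULE.match(text)
    if m is None:
        raise ValueError(f"syntax error: {text!r}")
    return (m.group(1), m.group(2), tuple(c.strip() for c in m.group(3).split(",")))

def apply_journaled(policy, dropin_text):
    """All-or-nothing: buffer rules in a journal, replay it only if the whole file parses."""
    journal = []
    for lineno, line in enumerate(dropin_text.splitlines(), 1):
        try:
            rule = parse_line(line)
        except ValueError as err:
            return False, [f"line {lineno}: {err}"]  # journal discarded, policy untouched
        if rule is not None:
            journal.append(rule)
    policy.extend(journal)  # replay the journal into the live policy
    return True, []

def apply_skip_bad_lines(policy, dropin_text):
    """Per-line recovery: apply every line that parses, warn about and skip the rest."""
    warnings = []
    for lineno, line in enumerate(dropin_text.splitlines(), 1):
        try:
            rule = parse_line(line)
        except ValueError as err:
            warnings.append(f"line {lineno}: {err}")
            continue
        if rule is not None:
            policy.append(rule)
    return warnings
```

With the sample drop-in, the journaled variant leaves the base policy unchanged and reports line 2, while the per-line variant applies the rules for alice and carol and warns about line 2, so the file ends up partially applied.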