Bug 91

Summary: wishlist: integrate and extend visudo to handle arbitrary files
Product: Sudo Reporter: era+sudo
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: normal    
Version: 1.6.6   
Hardware: PC   
OS: Linux   

Description era+sudo 2002-07-29 04:30:41 MDT
I looked at your web page with similar (competing) utilities and several of them
seem to have a feature which I find missing in sudo: the ability to give users
permissions to edit root-owned files under relatively strict control. This is
the one thing I need to do often as root, and I'd love to be able to have some
security added to this scenario.

Do you think the visudo component could be brought back into sudo itself, and
extended so that you could give users permissions on a per-file basis? Having
the option to run a syntax check and/or install script (restart the related
daemon, or whatever) would be great, too. It shouldn't even be hard to do, I
guess, although the sudoers file format is hard to extend to accommodate this --
but I guess as a matter of fact just for security reasons, you'd like to have a
separate file for file permissions in any event.

To be perfectly frank, I'd consider moving to one of the other sudo-like
solutions if one was available as a Debian package, but it seems that sudo is
the one which is actively developed and in relatively common use (on Linux, at
least).
Comment 1 Todd C. Miller 2004-01-21 16:00:09 MST
The next release of sudo with include the capability to edit files as the 
invoking user via the new "-e" flag or by running "sudoedit".  The changes will 
show up in the sudo anoncvs tree in a few hours.