Bugzilla – Bug 333
includedir sudoers option
Last modified: 2009-07-28 13:59:00 MDT
Please add an includedir sudoers file option. includedir "/etc/sudoers.d" should include config parts from the directory /etc/sudoers.d. We'd like to make users sudoers automatically (for example, by installing a Debian package mycompany-john-sudoer).
When visudo is run, it will edit each file explicitly included with a #include directive in sudoers. If the includedir feature were to be added, do you think the files in that directory should be automatically edited when visudo is run?
No, visudo should not edit included files (there could be lots of them); however, visudo should print warnings if included files have errors. Extra note: includedir should ignore files having dots in the file name, to NOT include files like /etc/sudoers.d/john.dpkg-old or /etc/sudoers.d/.john.swp.
Created attachment 252: Diff to add #includedir functionality, relative to sudo 1.7.1. Note that this diff is relative to sudo 1.7.1.
The content of attachment 252 has been deleted by Todd C Miller <Todd.Miller@courtesan.com>, who provided the following reason: obsolete. The token used to delete this attachment was generated at 2009-04-18 19:40:19 EST5EDT.
Created attachment 253: Diff to add #includedir functionality, relative to sudo 1.7.1.
#includedir should also ignore files with names starting with a dot (like vim's .john.swp). logrotate has a tabooext directive, and with tabooext unspecified logrotate excludes files whose names end with .rpmorig, .rpmsave, .dpkg-dist, .dpkg-old, .dpkg-new, .disabled, ,v, .swp, .rpmnew, and ~. Probably these extensions should be excluded in sudo too.
For now I've decided to just ignore files with a dot in them. I'll think about adding a knob for this though.
Yes, ignoring files containing dots anywhere in the name is a standard practice.
#includedir was added in sudo 1.7.2
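The two skip rules discussed in this thread can be compared on the file names in a drop-in directory. The following is an added example, not part of the bug thread and not sudo's code: the function names are hypothetical, the dot rule is the one stated in the thread, and the suffix list is the logrotate default list as quoted above.

```shell
#!/bin/sh
# Rule adopted in the thread: skip any file whose name contains a dot.
skip_by_dot() {
    case "$1" in
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Alternative raised in the thread: the logrotate default tabooext
# suffixes, copied from the comment above.
skip_by_tabooext() {
    case "$1" in
        *.rpmorig|*.rpmsave|*.dpkg-dist|*.dpkg-old|*.dpkg-new) return 0 ;;
        *.disabled|*,v|*.swp|*.rpmnew|*~) return 0 ;;
        *) return 1 ;;
    esac
}

# Report how each rule treats one file name.
classify() {
    name=$1
    if skip_by_dot "$name"; then d=skip; else d=include; fi
    if skip_by_tabooext "$name"; then t=skip; else t=include; fi
    printf '%s dot=%s tabooext=%s\n' "$name" "$d" "$t"
}

# Classify every regular file in a directory, hidden files included.
audit_dir() {
    dir=$1
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue
        classify "${path##*/}"
    done
}

# Usage: sh audit.sh /etc/sudoers.d
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

Names such as `john~` and `john,v` pass the dot rule but not the suffix list, while a name such as `john.conf` is skipped by the dot rule only, so a package that ships a dotted file name would be ignored under it.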