Bugzilla – Bug 367
validating sudoers content
Last modified: 2010-06-18 16:51:43 MDT
One of the users of my Debian packaging of sudo pointed out a while back that a change in sudoers syntax or semantics at one point caused him to lose root access to a system he was in the process of upgrading, and he thus requested that I add a check to my packaging to validate the content of sudoers and abort the upgrade if it appears incompatible with the new sudo version being installed.

I suspect there's a way to do this reliably with the existing sudo options and exit codes, but it's not immediately obvious what the best approach would be? What we want, I think, is just a "go/no-go" indication of whether sudo is going to run or error out when it reads and parses sudoers. Thoughts?

Bdale
You should be able to use "visudo -cf /etc/sudoers" to verify that the sudoers file parses correctly. If you get back "/etc/sudoers: parsed OK", sudo should be able to parse the file.
Running "visudo -q -c" and checking the exit status should be sufficient.
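
One way to turn the visudo exit status from the comments above into the go/no-go check the report asks for, as an added example that is not part of the original thread or of sudo's packaging. The function name, the `VISUDO` variable and the return codes 1 and 2 are assumptions of this example.

```shell
#!/bin/sh
# Added example: go/no-go check of a sudoers file for a package
# maintainer script. VISUDO lets the caller point at a specific visudo
# binary (an assumption of this example); the default is the one in PATH.
VISUDO="${VISUDO:-visudo}"

# Return codes (chosen for this example):
#   0 = go: visudo parsed the file
#   1 = no-go: visudo rejected the file
#   2 = could not check: the file or visudo itself is missing
sudoers_go_nogo() {
    file="${1:-/etc/sudoers}"

    # A missing file is reported separately from a parse failure, so the
    # caller can decide what a fresh install without sudoers should do.
    if [ ! -f "$file" ]; then
        echo "sudoers check: $file not found" >&2
        return 2
    fi

    # A missing visudo would otherwise look like a parse failure.
    if ! command -v "$VISUDO" >/dev/null 2>&1; then
        echo "sudoers check: $VISUDO not available" >&2
        return 2
    fi

    # -q: quiet, -c: check only, -f: file to check. The exit status is
    # the go/no-go signal.
    if "$VISUDO" -q -c -f "$file"; then
        return 0
    fi

    # Re-run without -q so the administrator sees visudo's own report.
    "$VISUDO" -c -f "$file" >&2 || true
    echo "sudoers check: $file does not parse" >&2
    return 1
}

# Usage in a maintainer script (abort only on a definite parse failure):
#   sudoers_go_nogo /etc/sudoers; [ $? -ne 1 ] || exit 1
```
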