Bug 775 – Clarify in man page: /sudoers read before /sudoers.d/*

Bug 775 - Clarify in man page: /sudoers read before /sudoers.d/*


Summary:	Clarify in man page: /sudoers read before /sudoers.d/*

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Documentation
Version:	1.8.10
Hardware:	All Linux

Importance:	low enhancement
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-02-13 03:00 MST by Loren M
Modified:	2017-05-10 10:35 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Loren M 2017-02-13 03:00:24 MST

At present the sudoers man page states that "sudoers.d/*" files are read in lexicographic order, but does not clearly state that "sudoers" is read before files contained in "sudoers.d".

While potentially obvious to some, it's been the subject of a brief argument and some testing to determine behavior. It would be nice to have the section of the man page covering config read-ordering cover the other relevant file.

Comment 1 Todd C. Miller 2017-05-08 13:42:14 MDT

Actually, the order in which sudoers.d/* files are read depends on where the #includedir directive is placed in /etc/sudoers.  Typically it is at the end but it doesn't need to be.

When /etc/sudoers is opened and parsed, if it encounters a #include or #includedir directive, that file (or group of files for #includedir) is parsed and when the end is reached, the original file continues parsing.

Comment 2 Todd C. Miller 2017-05-08 13:56:04 MDT

I've attempted to clarity the situation in https://www.sudo.ws/repos/sudo/rev/f68769f15356

Comment 3 Todd C. Miller 2017-05-10 10:35:31 MDT

The documentation change is present in sudo 1.8.20, available now.