On 2022-11-07 07:36, Stefan Seyfried wrote:
On 07.11.22 02:49, Luciano Santos wrote:
Hi Andrei, I think Stefan is just pointing out that the distro should've used a drop-in config file, under /etc/sudoers.d, for the "targetpw" as a good practice, more than anything.
But Stefan, here I'm afraid I disagree with you. In my point of view, the distro should offer a "canonical" sudoers file (under /usr/etc, preferably, so sysadmins can override it with their own /etc/sudoers) with whatever diversions from upstream they deem necessary. And atomic changes to the default behavior should be done using drop-in config files.
My idea with the drop-in (not completely speled out in the previous mail) was, that the "targetpw" could e.g. be part of an add-on package that would have been installed automatically on system updates, but not on new installations or something like that.
I think SLES does that. An add on package enables the wheel thing.
And yes, managing config updates one way or the other is always hard. Sometimes you really want the updated config for almost everyone and sometimes you don't. I somehow like the debian approach of listing up the changed files, allowing to show the difference and then having the user decide "new, old, edit", at least as an option. But I also have not used it in practice to automatically update thousands of servers at once ;-)
In this particular case, an advance warning on this list would certainly have helped. I personally read most of the "new tw snapshot mails" but often not as thorough to find such hidden gems in the changelogs.
Yes. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)