8 Nov
2022
8 Nov
'22
21:51
Andrei Borzenkov wrote: > On Tue, Nov 8, 2022 at 8:35 AM Luciano Santos luc14n0@opensuse.org wrote: > > Hi Jim, > > You're basically describing the /etc move to /usr/etc [1], > > Which has absolutely nothing to do with this problem. A lot of users > did not ever touch /etc/sudoers so replacing old /usr/etc/sudoers with > new /usr/etc/sudoers would result in exactly the same issue. And for > users who *did* touch /etc/sudoers or otherwise added suitable manual > configuration there were no problems without any /usr/etc. > The most clean solution on SUSE would be > 1. move targetpw to separate sudoers.d snippet > 2. move it into a separate package like sudoers-legacy (or whatever, > sudo-branding-SUSE if you like) > 3. add split-alias to this new package > 4. *now* replace default sudoers with whatever content is deemed appropriate > so on update users will get new sudoers and sudoers-legacy and on new > installation only new sudoers. > Whether sudoers and sudoers.d are in /etc or in /usr/etc does not > matter for this particular case. My bad Andrei, I didn't quote the reply from Jim I was replying to, so my answer got a bit out of context. On a side note, I agree with you, even if we were using /usr/etc this issue would've had happened if the user hadn't changed anything sudoers-related, because a bad implementation still is a bad implementation. That change made to SUDO took more than one turn to the wrong direction sadly.