Hi Jason,

Great to see you here :)

On Mon, 2022-11-14 at 15:17 -0800, Jason Sikes wrote:
> 2. Sudo has only one configuration file: "sudoers". Its location is
> determined during the "%configuration" step. The sudo binary does not
> support two sudoers files nor having a sudoers file in an alternate or
> fallback location.

That's unfortunate, and exactly the sort of problem Thorsten was referencing when saying sometimes major engineering needs to take place.

In an ideal world, we really need the following

/usr/etc/sudoers - the packaged default config file
/usr/etc/sudoers.d - packaged snippets
/etc/sudoers - the user provided config file
/etc/sudoers.d - user provided snippets

In that same ideal world, the configurations would be applied in that order, with the lowest in the list overriding/taking precedence over the top of the list.

I suppose what we could do (though ugly) is something like this

/usr/etc/sudoers.d - packaged snippets
/etc/sudoers - the user provided config file, defined in the %configuration step just like now but SYMLINKED to a file /usr/etc/sudoers
/etc/sudoers.d - user provided snippets

This would mean we'd have a nice read-only sudoers in /usr/etc, but it would be read from /etc and a user could just replace the symlink with their own config if they felt like it.

Then, given visudo is the recommended way of modifying the sudoers.. could visudo detect if /etc/sudoers is a symlink? Then could it drop the symlink, copy /usr/etc/sudoers to /etc/sudoers, and open /etc/sudoers for editing?

Normally I wouldn't go down this road, but given visudo is recommended for editing anyway, I guess we can move the problem of handling /usr/etc/sudoers and /etc/sudoers gracefully into that

Just a thought

--
Richard Brown
Linux Distribution Engineer - Future Technology Team
SUSE Software Solutions Germany GmbH, Frankenstraße 146, D-90461 Nuremberg, Germany
(HRB 36809, AG Nürnberg)
Managing Directors/Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
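
The symlink handling proposed in the message above (detect the symlink, drop it, copy the packaged file into place before editing), as an added shell example; it is not code from sudo, visudo or the poster. The function name `materialize_sudoers`, the exact-target check and the atomic rename are assumptions of this sketch, and paths are parameters so it can be tried on a scratch directory.

```shell
#!/bin/sh
# Added illustration: hypothetical helper, not part of sudo or visudo.
#
# materialize_sudoers ETC_FILE VENDOR_FILE
#   If ETC_FILE is a symlink to VENDOR_FILE, replace the symlink with a
#   private copy of VENDOR_FILE so later edits never touch the packaged file.
#   Returns 0 on success or nothing to do, 2 if the link points elsewhere,
#   1 on any other failure.
materialize_sudoers() {
    etc_file=$1
    vendor_file=$2

    # Already a regular local file (or absent): leave it alone.
    [ -L "$etc_file" ] || return 0

    # Only accept the link the package is expected to ship. A link to any
    # other location is left in place for the administrator to inspect.
    target=$(readlink "$etc_file") || return 1
    if [ "$target" != "$vendor_file" ]; then
        echo "refusing: $etc_file -> $target (expected $vendor_file)" >&2
        return 2
    fi
    [ -f "$vendor_file" ] || return 1

    # Build the copy next to the destination so the final rename stays on one
    # filesystem and is atomic: sudo never sees a missing or partial file.
    # mktemp creates the file 0600; 0440 is the mode sudo expects for sudoers.
    tmp=$(mktemp "${etc_file}.XXXXXX") || return 1
    if cat "$vendor_file" > "$tmp" &&
       chmod 0440 "$tmp" &&
       mv -f "$tmp" "$etc_file"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Run as root against the real paths, the copy is root-owned; a syntax check such as `visudo -c -f` on the result would follow before the file is opened for editing.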