On 2022-11-15 10:32, Richard Brown wrote:
Hi Jason,
Great to see you here :)
On Mon, 2022-11-14 at 15:17 -0800, Jason Sikes wrote:
2. Sudo has only one configuration file: "sudoers". Its location is determined during the "%configuration" step. The sudo binary does not support two sudoers files nor having a sudoers file in an alternate or fallback location.
That's unfortunate, and exactly the sort of problem Thorsten was referencing when saying sometimes major engineering needs to take place.
In an ideal world, we really need the following
/usr/etc/sudoers - the packaged default config file /usr/etc/sudoers.d - packaged snippits /etc/sudoers - the user provided config file /etc/sudoers.d - user provided snippits
In that same ideal world, the configurations would be applied in that order, with the lowest in the list overriding/taking precidence over the top of the list.
Can you really, at the packaging end, really do all that? Shouldn't this be done upstream? ...
Then, given visudo is the recommended way of modifying the sudoers..could visudo detect if /etc/sudoers is a symlink?
Consider that visudo is currently designed to be able to call any editor the admin wishes. Not only "vi". Consider that visudo should check all the files and present a single edit view Again, can you really, at the packaging end, really do all that? Shouldn't this be done upstream? IMHO, doing it here may result in a hack. Just another thought :-) -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)