Seite 1 von 1

opsi-setup: sudoers should go to /etc/sudoers.d

Verfasst: 15 Okt 2014, 09:24
von giner
Hello,

OPSI 4.0.4.
It is best pratcice for Debian-based systems to create a new file in /etc/sudoers.d instead of patching /etc/sudoers.

Best regards,
Stanislav

Re: opsi-setup: sudoers should go to /etc/sudoers.d

Verfasst: 16 Okt 2014, 14:15
von n.wenselowski
Hello Stanislav,

thanks for your input.
I have created an internal ticket for this so it will be approached in future versions. As we are in good progress finishing the release for opsi 4.0.5 this change will probably not be included in this release.


With kind regards

Niko

Re: opsi-setup: sudoers should go to /etc/sudoers.d

Verfasst: 16 Okt 2014, 14:31
von giner
Hello Niko,

It's more cosmetic change, so no issue here.
Thank you!

Best regards,
Stanislav German-Evtushenko

Re: opsi-setup: sudoers should go to /etc/sudoers.d

Verfasst: 16 Okt 2014, 22:33
von dkoch
You would have to patch /etc/sudoers:

Code: Alles auswählen

+includedir /etc/sudoers.d
Because its not included by default.
Without knowing what is in there...
Thats not a good idea.

I would recommend to use /etc/opsi/sudoers.
That should also be much more maintainable.

Code: Alles auswählen

+include /etc/opsi/sudoers

Re: opsi-setup: sudoers should go to /etc/sudoers.d

Verfasst: 16 Okt 2014, 22:46
von giner
Hello,
Because its not included by default.
It has been included for a long time already. The earilest Ubuntu version what I can be sure about is 10.04 already contains the following directive:

Code: Alles auswählen

#includedir /etc/sudoers.d
Best regards,
Stanislav German-Evtushenko

Re: opsi-setup: sudoers should go to /etc/sudoers.d

Verfasst: 17 Okt 2014, 08:35
von dkoch
Oh yes you are right. I looked that up.
I thought that the line is a comment. But the manpage says that this actually is the syntax.

Included since 31 Aug 2009

Code: Alles auswählen

sudo (1.7.2p1-1) unstable; urgency=low

  * new upstream version
  * add support for /etc/sudoers.d using #includedir in default sudoers, 
    which I think is also a good solution to the request for a crontab-like
    API requested in March of 2001, closes: #539994, #271813, #89743
  * move init.d script from using rcS.d to rc[0-6].d, closes: #542924

 -- Bdale Garbee <bdale@gag.com>  Mon, 31 Aug 2009 14:09:32 -0600