Question about using cat on sudoers file.

claudiogc · 2017-01-14 12:25:40

Hi!

I made an arch install script just for me and i want to automate sudo configuration too. So i read on the following tutorial i should use visudo, but i have in my mind do something like this:
https://wiki.archlinux.org/index.php/sudo

I'll create a file called "sudo-conf.txt".

clau ALL=(ALL) ALL
Defaults:clau timestamp_timeout=0

In my install script, as superuser i'll run the following command:

cat sudo-conf.txt >> /etc/sudoers

I would like to know if is there any problem with that.

Thanks!

Rethil · 2017-01-14 12:40:22

Here
https://wiki.archlinux.org/index.php/Sudo#Using_visudo

claudiogc · 2017-01-14 13:34:40

Rethil wrote:

Here
https://wiki.archlinux.org/index.php/Sudo#Using_visudo

I already told i read that. I just want to know if is there any problem using cat instead of vi, vim, visudo...

2ManyDogs · 2017-01-14 13:39:38

Well, if you want to ignore the warnings in the topic you say you read, and you are absolutely certain that there are no errors in the lines you want to add, then sure, no problem using cat.

Arch Wiki wrote:

Using visudo
The configuration file for sudo is /etc/sudoers. It should always be edited with the visudo command. visudo locks the sudoers file, saves edits to a temporary file, and checks that file's grammar before copying it to /etc/sudoers.
Warning:
It is imperative that sudoers be free of syntax errors! Any error makes sudo unusable. Always edit it with visudo to prevent errors.

Last edited by 2ManyDogs (2017-01-14 13:41:04)

claudiogc · 2017-01-14 13:53:51

Ok, i changed my mind.

I'll use visudo.

Regarding error syntax, i don't know, i thought there was no error. Where is it please?

oliver · 2017-01-14 14:08:02

All IMO of course but I think the warnings about only ever using visudo are only valid in a few situations:
i) You're in a production/work environment where a broken sudoers would have grave consequences for automated work
ii) Your system has tons of users who would be irritated if they lost some permissions
iii) Your system has a locked root account

If it's your personal box and you have root then it's *trivial* to revert any changes

Personally, I like using this directive

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d

If you did that, you could copy your modifications there instead

cp clau.conf /etc/sudoers.d/

And then use visudo to check the syntax

visudo -cf /etc/sudoers.d/clau.conf

If the exit code is not zero then restore your back-up (if you're doing this in a script) and exit out

I'd answer your question by asking "what's the worst that happens if you break sudo?"

fsckd · 2017-01-14 14:55:20

claudiogc wrote:

Ok, i changed my mind.
I'll use visudo.
Regarding error syntax, i don't know, i thought there was no error. Where is it please?

You should check yourself if there are errors or not. If you ever change those lines in the future, check for yourself if the changes have errors. The point being that visudo automates checks and if you don't use visudo you must do the checks manually yourself. Feel free to append directly to sudoers without using visudo, but be aware of the risks and ways to mitigate them. The burden for managing your system is entirely on you.

Edit: For some reason I didn't see oliver's reply until after I posted. I like their suggestion.

Arch Linux

#1 2017-01-14 12:25:40

Question about using cat on sudoers file.

#2 2017-01-14 12:40:22

Re: Question about using cat on sudoers file.

#3 2017-01-14 13:34:40

Re: Question about using cat on sudoers file.

#4 2017-01-14 13:39:38

Re: Question about using cat on sudoers file.

#5 2017-01-14 13:53:51

Re: Question about using cat on sudoers file.

#6 2017-01-14 14:08:02

Re: Question about using cat on sudoers file.

#7 2017-01-14 14:55:20

Re: Question about using cat on sudoers file.

Board footer