sudoers: Syntax Checking

As you may recall, I recently posted about the safest way to deploy a crontab. One of my points was that certain commands let you perform syntax checking on the file. Well, crontab isn't the only command that performs syntax checking.

When you edit your sudoers file, it is best practice to use visudo rather than editing /etc/sudoers directly. visudo performs syntax checking when you save the file.

The question is: how do you get syntax checking when the file lives in version control? The answer is actually pretty easy: visudo has a flag, -c, that performs a syntax check on the sudoers file without opening an editor.

    # visudo -c
    /etc/sudoers: parsed OK

You can run this after deployment to ensure the syntax is correct.

Another cool feature of visudo is that you can tell it to check a specified file rather than /etc/sudoers. This means you can also run the visudo check on your repository server before you even check the file in.

    # visudo -cf /var/tmp/
    /var/tmp/ parsed OK
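
The two checks above can be combined into a deploy step that refuses to replace the live file unless the candidate parses. This is an added example, not code from the original post; the names VISUDO, check_sudoers and deploy_sudoers are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: validate a candidate sudoers file with "visudo -cf" and
# replace the live file only if it parses. A sudoers file that fails to
# parse can leave nobody able to use sudo, so the check gates the copy.
# VISUDO, check_sudoers and deploy_sudoers are names chosen for this sketch.
VISUDO="${VISUDO:-visudo}"

# Return 0 only if visudo parses the given file without errors.
check_sudoers() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    "$VISUDO" -cf "$1"
}

# deploy_sudoers CANDIDATE TARGET
# Stage a copy next to TARGET, check the staged copy, then rename it into
# place, so a file that fails the check never becomes the live file.
deploy_sudoers() {
    candidate=$1
    target=$2
    check_sudoers "$candidate" || { echo "rejected: $candidate" >&2; return 1; }
    staged=$(mktemp "$(dirname "$target")/.sudoers.XXXXXX") || return 1
    if cp "$candidate" "$staged" && chmod 0440 "$staged" &&
       check_sudoers "$staged"; then
        mv -f "$staged" "$target"   # same directory, so the rename is atomic
    else
        rm -f "$staged"
        echo "rejected after staging: $candidate" >&2
        return 1
    fi
}

# Usage (as root, so the staged file is owned by root):
#   deploy_sudoers ./sudoers /etc/sudoers
```

The same check_sudoers function can be called from a pre-commit hook on the repository server, so a broken file is caught before it is checked in.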

Benjamin Cane