sudoers: Syntax Checking

Written by Benjamin Cane on 2011-07-16

As you may recall I posted recently about the safest way to deploy a crontab. One of my points was using certain commands you can perform syntax checking on the file. Well crontab isn't the only command that performs syntax checking.

When you edit your sudoers file it is best practice that you use visudo rather than editing the /etc/sudoers file directly. Visudo will perform syntax checking when you save the file.

The question is how do you get syntax checking when using version control? The answer is actually pretty easy, by using visudo; visudo has a flag that will perform a syntax check on the sudoers file.

[[email protected] ~]# visudo -c  
/etc/sudoers: parsed OK

You can run this after deployment to ensure the syntax is correct.

Another cool feature of visudo is you can tell it to check a specified file rather than the /etc/sudoers file. This means you can also perform the visudo check on your repository server before you even check it in.

[[email protected] ~]# visudo -cf /var/tmp/sudoers.new   
/var/tmp/sudoers.new: parsed OK

Picture of Benjamin Cane

Benjamin's specialty is keeping the lights on for mission critical systems. He is currently building applications that enable high concurrency financial transactions.

Recently Benjamin published his first book; Red Hat Enterprise Linux Troubleshooting Guide. In addition to writing, he has several Open Source projects focused on making Ops easier. These projects include Automatron, a project enabling auto-healing infrastructure for the masses.


Publications

Identify, capture and resolve common issues faced by Red Hat Enterprise Linux administrators using best practices and advanced troubleshooting techniques

What people are saying:
Excellent, excellent resource for practical guidance on how to troubleshoot a wide variety of problems on Red Hat Linux. I particularly enjoyed how the author made sure to provide solid background and practical examples. I have a lot of experience on Red Hat but still came away with some great practical tools to add to my toolkit. - Amazon Review