sudoers: Syntax Checking

Written by Benjamin Cane on 2011-07-16 02:43:59

As you may recall I posted recently about the safest way to deploy a crontab. One of my points was using certain commands you can perform syntax checking on the file. Well crontab isn't the only command that performs syntax checking.

When you edit your sudoers file it is best practice that you use visudo rather than editing the /etc/sudoers file directly. Visudo will perform syntax checking when you save the file.

The question is how do you get syntax checking when using version control? The answer is actually pretty easy, by using visudo; visudo has a flag that will perform a syntax check on the sudoers file.

[[email protected] ~]# visudo -c  
/etc/sudoers: parsed OK

You can run this after deployment to ensure the syntax is correct.

Another cool feature of visudo is you can tell it to check a specified file rather than the /etc/sudoers file. This means you can also perform the visudo check on your repository server before you even check it in.

[[email protected] ~]# visudo -cf /var/tmp/sudoers.new   
/var/tmp/sudoers.new: parsed OK

Picture of Benjamin Cane

Benjamin is a Systems Architect working in the financial services industry focused on platforms that require Continuous Availability. He has been working with Linux and Unix for over 10 years now and has recently published his first book; Red Hat Enterprise Linux Troubleshooting Guide.

Publications

Identify, capture and resolve common issues faced by Red Hat Enterprise Linux administrators using best practices and advanced troubleshooting techniques

What people are saying:
Red Hat Enterprise Linux Troubleshooting Guide may just be all you need in your quest to wear the red hat. - Perry N.
Buy on Amazon

Sponsored by