sudoers: Syntax Checking

As you may recall I posted recently about the safest way to deploy a crontab. One of my points was using certain commands you can perform syntax checking on the file. Well crontab isn’t the only command that performs syntax checking.

When you edit your sudoers file it is best practice that you use visudo rather than editing the /etc/sudoers file directly. Visudo will perform syntax checking when you save the file.

The question is how do you get syntax checking when using version control? The answer is actually pretty easy, by using visudo; visudo has a flag that will perform a syntax check on the sudoers file.

[[email protected] ~]# visudo -c  
/etc/sudoers: parsed OK

You can run this after deployment to ensure the syntax is correct.

Another cool feature of visudo is you can tell it to check a specified file rather than the /etc/sudoers file. This means you can also perform the visudo check on your repository server before you even check it in.

[[email protected] ~]# visudo -cf /var/tmp/   
/var/tmp/ parsed OK

About Benjamin

Benjamin is a Infrastructure and Software Engineer. On this blog he writes about Linux, Docker, Programming as well as other Systems topics.

Learn more about Linux

If you liked this article, check out Benjamin's book: Red Hat Enterprise Linux Troubleshooting Guide. Where you can learn a lot more about troubleshooting Linux systems. This book is filled with tips and techniques he has learned over years of managing mission critical systems.