mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 09:57:41 +00:00
Add -I flag to disable editing include files unless there is an error.
This can be used when you only want to edit a single sudoers file unless there is a pre-existing syntax error.
This commit is contained in:
Todd C. Miller
parent
575200e734
commit
fa952bfbb7
@ -21,7 +21,7 @@
|
|||||||
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
|
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
|
||||||
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
||||||
.\"
|
.\"
|
||||||
.TH "VISUDO" "@mansectsu@" "September 13, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
|
.TH "VISUDO" "@mansectsu@" "October 4, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
|
||||||
.nh
|
.nh
|
||||||
.if n .ad l
|
.if n .ad l
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
@ -30,7 +30,7 @@
|
|||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.HP 7n
|
.HP 7n
|
||||||
\fBvisudo\fR
|
\fBvisudo\fR
|
||||||
[\fB\-chOPqsV\fR]
|
[\fB\-chIOPqsV\fR]
|
||||||
[[\fB\-f\fR]\ \fIsudoers\fR]
|
[[\fB\-f\fR]\ \fIsudoers\fR]
|
||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
\fBvisudo\fR
|
\fBvisudo\fR
|
||||||
@ -208,6 +208,24 @@ option.
|
|||||||
\fB\-h\fR, \fB\--help\fR
|
\fB\-h\fR, \fB\--help\fR
|
||||||
Display a short help message to the standard output and exit.
|
Display a short help message to the standard output and exit.
|
||||||
.TP 12n
|
.TP 12n
|
||||||
|
\fB\-I\fR, \fB\--no-includes\fR
|
||||||
|
Disable the editing of include files unless there is a pre-existing
|
||||||
|
syntax error.
|
||||||
|
By default,
|
||||||
|
\fBvisudo\fR
|
||||||
|
will edit the main
|
||||||
|
\fIsudoers\fR
|
||||||
|
file and any files included via
|
||||||
|
\fI@include\fR
|
||||||
|
or
|
||||||
|
\fI#include\fR
|
||||||
|
directives.
|
||||||
|
Files included via
|
||||||
|
\fI@includedir\fR
|
||||||
|
or
|
||||||
|
\fI#includedir\fR
|
||||||
|
are never edited unless they contain a syntax error.
|
||||||
|
.TP 12n
|
||||||
\fB\-O\fR, \fB\--owner\fR
|
\fB\-O\fR, \fB\--owner\fR
|
||||||
Enforce the default ownership (user and group) of the
|
Enforce the default ownership (user and group) of the
|
||||||
\fIsudoers\fR
|
\fIsudoers\fR
|
||||||
|
|||||||
@ -20,7 +20,7 @@
|
|||||||
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
|
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
|
||||||
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
||||||
.\"
|
.\"
|
||||||
.Dd September 13, 2022
|
.Dd October 4, 2022
|
||||||
.Dt VISUDO @mansectsu@
|
.Dt VISUDO @mansectsu@
|
||||||
.Os Sudo @PACKAGE_VERSION@
|
.Os Sudo @PACKAGE_VERSION@
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -28,7 +28,7 @@
|
|||||||
.Nd edit the sudoers file
|
.Nd edit the sudoers file
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS
|
||||||
.Nm visudo
|
.Nm visudo
|
||||||
.Op Fl chOPqsV
|
.Op Fl chIOPqsV
|
||||||
.Op Bo Fl f Bc Ar sudoers
|
.Op Bo Fl f Bc Ar sudoers
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
.Nm
|
.Nm
|
||||||
@ -203,6 +203,23 @@ path can be specified without using the
|
|||||||
option.
|
option.
|
||||||
.It Fl h , -help
|
.It Fl h , -help
|
||||||
Display a short help message to the standard output and exit.
|
Display a short help message to the standard output and exit.
|
||||||
|
.It Fl I , -no-includes
|
||||||
|
Disable the editing of include files unless there is a pre-existing
|
||||||
|
syntax error.
|
||||||
|
By default,
|
||||||
|
.Nm
|
||||||
|
will edit the main
|
||||||
|
.Ar sudoers
|
||||||
|
file and any files included via
|
||||||
|
.Em @include
|
||||||
|
or
|
||||||
|
.Em #include
|
||||||
|
directives.
|
||||||
|
Files included via
|
||||||
|
.Em @includedir
|
||||||
|
or
|
||||||
|
.Em #includedir
|
||||||
|
are never edited unless they contain a syntax error.
|
||||||
.It Fl O , -owner
|
.It Fl O , -owner
|
||||||
Enforce the default ownership (user and group) of the
|
Enforce the default ownership (user and group) of the
|
||||||
.Em sudoers
|
.Em sudoers
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-License-Identifier: ISC
|
* SPDX-License-Identifier: ISC
|
||||||
*
|
*
|
||||||
* Copyright (c) 1996, 1998-2005, 2007-2018
|
* Copyright (c) 1996, 1998-2005, 2007-2022
|
||||||
* Todd C. Miller <Todd.Miller@sudo.ws>
|
* Todd C. Miller <Todd.Miller@sudo.ws>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
@ -109,13 +109,15 @@ struct sudo_user sudo_user;
|
|||||||
struct passwd *list_pw;
|
struct passwd *list_pw;
|
||||||
static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist);
|
static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist);
|
||||||
static bool checkonly;
|
static bool checkonly;
|
||||||
|
static bool edit_includes = true;
|
||||||
static unsigned int errors;
|
static unsigned int errors;
|
||||||
static const char short_opts[] = "cf:hOPqsVx:";
|
static const char short_opts[] = "cf:hIOPqsVx:";
|
||||||
static struct option long_opts[] = {
|
static struct option long_opts[] = {
|
||||||
{ "check", no_argument, NULL, 'c' },
|
{ "check", no_argument, NULL, 'c' },
|
||||||
{ "export", required_argument, NULL, 'x' },
|
{ "export", required_argument, NULL, 'x' },
|
||||||
{ "file", required_argument, NULL, 'f' },
|
{ "file", required_argument, NULL, 'f' },
|
||||||
{ "help", no_argument, NULL, 'h' },
|
{ "help", no_argument, NULL, 'h' },
|
||||||
|
{ "no-includes", no_argument, NULL, 'I' },
|
||||||
{ "owner", no_argument, NULL, 'O' },
|
{ "owner", no_argument, NULL, 'O' },
|
||||||
{ "perms", no_argument, NULL, 'P' },
|
{ "perms", no_argument, NULL, 'P' },
|
||||||
{ "quiet", no_argument, NULL, 'q' },
|
{ "quiet", no_argument, NULL, 'q' },
|
||||||
@ -192,6 +194,9 @@ main(int argc, char *argv[])
|
|||||||
case 'h':
|
case 'h':
|
||||||
help();
|
help();
|
||||||
break;
|
break;
|
||||||
|
case 'I':
|
||||||
|
edit_includes = false;
|
||||||
|
break;
|
||||||
case 'O':
|
case 'O':
|
||||||
use_owner = true; /* check/set owner */
|
use_owner = true; /* check/set owner */
|
||||||
break;
|
break;
|
||||||
@ -1087,6 +1092,11 @@ open_sudoers(const char *path, bool doedit, bool *keepopen)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (entry == NULL) {
|
if (entry == NULL) {
|
||||||
|
if (doedit && !edit_includes) {
|
||||||
|
/* Only edit the main sudoers file. */
|
||||||
|
if (strcmp(path, sudoers_file) != 0)
|
||||||
|
doedit = false;
|
||||||
|
}
|
||||||
if ((entry = new_sudoers(path, doedit)) == NULL)
|
if ((entry = new_sudoers(path, doedit)) == NULL)
|
||||||
debug_return_ptr(NULL);
|
debug_return_ptr(NULL);
|
||||||
if ((fp = fdopen(entry->fd, "r")) == NULL)
|
if ((fp = fdopen(entry->fd, "r")) == NULL)
|
||||||
@ -1233,6 +1243,7 @@ help(void)
|
|||||||
" -c, --check check-only mode\n"
|
" -c, --check check-only mode\n"
|
||||||
" -f, --file=sudoers specify sudoers file location\n"
|
" -f, --file=sudoers specify sudoers file location\n"
|
||||||
" -h, --help display help message and exit\n"
|
" -h, --help display help message and exit\n"
|
||||||
|
" -I, --no-includes do not edit include files\n"
|
||||||
" -q, --quiet less verbose (quiet) syntax error messages\n"
|
" -q, --quiet less verbose (quiet) syntax error messages\n"
|
||||||
" -s, --strict strict syntax checking\n"
|
" -s, --strict strict syntax checking\n"
|
||||||
" -V, --version display version information and exit\n"));
|
" -V, --version display version information and exit\n"));
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user