More sudo goodness
2009-06-10 21:39 - coding security
I’m working on a few projects at Google that require adding things to the sudoers file to permit a role user a very limited set of privileged commands on a very limited set of machines.
Unfortunately, the current way of handling this in anything but the very latest Debian Sid/Ubuntu Karmic is rather poor – one needs to add line by line to /etc/sudoers, removing any outdated entries, and then check the integrity using visudo.
Wouldn’t it be nice if there were a sudoers.d equivalent? Well, there is the #include directive in sudo 1.7.0, but none of the stable shipping debian-based distributions have anything newer than sudo 1.6.9.
Fortunately, Sid and Karmic now have sudo 1.7.0, meaning that it’s now sane to backport their sudo packages to the LTS editions of Ubuntu in use at Google. I’ve done this using prevu for Ubuntu dapper and hardy and verified that the packaging works without modification – just rebuild and deploy.
The bug is located at https://bugs.launchpad.net/hardy-backports/+bug/384100 should some kind souls wish to try the backport and report back on the results :) – instructions on using prevu are at https://wiki.ubuntu.com/Prevu should one not wish to trust me with building sudo binaries ;).
