On Tue, 30 Aug 2011 16:31:37 -0600, Bob Proulx <b...@proulx.com> wrote:
> Sorry but I don't understand.  How would setting secure_path in a new
> sudoers.d file create a situation where a system would remain broken?

The only reason files in sudoers.d get read is that I added an include
directive to the template /etc/sudoers a while back:

          #includedir /etc/sudoers.d

But if someone already has an /etc/sudoers from before that directive
was added, and is choosing not to keep up with my changes, then putting
more files in /etc/sudoers.d will have no effect at all, and they will
still be impacted by the change.

So, we need to be able to provide a default secure_path that's rational
but able to be overridden in /etc/sudoers* (a source patch is acceptable
here, particularly if I can get upstream to accept it), or at minimum I
need to add a NEWS entry documenting the behavior change.

Bdale

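The situation described in this message, a main sudoers file that never reads /etc/sudoers.d, can be checked mechanically. The script below is an added example, not part of the original message or of the sudo package; the function names and the two sample files are constructed for illustration, and it inspects only the main file, not files that file includes.

```shell
#!/bin/sh
# Added example (not from the thread). Sample files below are constructed.

# includes_dir FILE DIR: succeed if FILE pulls in DIR with an includedir line.
# In sudoers "#includedir" is a directive, not a comment; sudo 1.9.1 and later
# also accept "@includedir". Only directives starting in column 0 are matched.
includes_dir() {
    awk -v dir="$2" '
        /^[#@]includedir[ \t]+/ {
            sub(/^[#@]includedir[ \t]+/, ""); gsub(/"/, "")
            sub(/[ \t]+$/, ""); sub(/\/+$/, "")
            if ($0 == dir) found = 1
        }
        END { exit !found }' "$1"
}

# secure_path_of FILE: print the last global "Defaults secure_path=" value.
secure_path_of() {
    sed -nE 's/^Defaults[[:blank:]]+(.*,[[:blank:]]*)?secure_path[[:blank:]]*=[[:blank:]]*"?([^",]*).*/\2/p' "$1" | tail -n 1
}

# check_sudoers FILE DIR: one-line summary for the main sudoers file.
check_sudoers() {
    if includes_dir "$1" "$2"; then inc=yes; else inc=no; fi
    sp=$(secure_path_of "$1")
    echo "includedir=$inc secure_path=${sp:-unset}"
}

# make_samples OUTDIR: write two constructed main sudoers files.
make_samples() {
    # Locally maintained file predating the include directive.
    printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL) ALL' > "$1/old"
    # File carrying the directive, with secure_path set in the main file.
    printf '%s\n' 'Defaults env_reset' \
        'Defaults secure_path="/usr/local/sbin:/usr/sbin:/sbin"' \
        'root ALL=(ALL) ALL' '#includedir /etc/sudoers.d' > "$1/new"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in old new; do
    printf '%s: %s\n' "$f" "$(check_sudoers "$tmp/$f" /etc/sudoers.d)"
done
rm -rf "$tmp"
```

On a real system the same check is `check_sudoers /etc/sudoers /etc/sudoers.d`, run with enough privilege to read the file; a result of `includedir=no` means anything shipped in /etc/sudoers.d is ignored there.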