Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

changed validate_single, rm 2 params, fixes #223 #309

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

tdlc
Copy link

@tdlc tdlc commented Jun 24, 2024

To make validate_single to really only validate
single files the implementation was changed.
If validate_single is true visudo will be
called with -f . In case validate_single
is false all files will be validated. This
makes sense because a single file could break
the whole sudoers config, see issue #125.
Before this commit all files would always be
validated no matter which value validate_single
had. This might be unwanted if an application
installs some file with wrong rights 0440,
see issue #223.
Removed parameter delete_on_error because now
an invalid file is never kept. When param
was false it could also lead to infinite
error messages in the invalid sudoers file.
Removed parameter sudo_syntax_path as it
is unused now. It cannot be used in puppet
file's validate_cmd.

To make validate_single to really only validate
single files the implementation was changed.
If validate_single is true visudo will be
called with -f <file>. In case validate_single
is false all files will be validated. This
makes sense because a single file could break
the whole sudoers config, see issue saz#125.
Before this commit all files would always be
validated no matter which value validate_single
had. This might be unwanted if an application
installs some file with wrong rights 0440,
see issue saz#223.
Removed parameter delete_on_error because now
an invalid file is never kept. When param
was false it could also lead to infinite
error messages in the invalid sudoers file.
Removed parameter sudo_syntax_path as it
is unused now. It cannot be used in puppet
file's validate_cmd.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant