|author||Joey Hess||2018-08-20 18:00:13 -0400|
|committer||Joey Hess||2018-08-20 18:00:19 -0400|
Sudo.enabledFor: Write to /etc/sudoers.d/000users rather than to /etc/sudoers
(Any old lines it wrote to /etc/sudoers will be removed.) This fixes a potential ordering problem; the property used to append the line to /etc/sudoers, but that would override more specific lines in the include directory. By putting it in a file that is included first, it'll come before all includes, without needing to parse the sudoers file in order to put it before the includedir line. Note that, if there is a more specific line for the user in /etc/sudoers before the includedir, it will be overridden by the line in /etc/sudoers.d/000users. But, this is not a behavior change from before, when the line was appended to the end. This commit was sponsored by Jeff Goeke-Smith on Patreon.
Diffstat (limited to 'debian')
1 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index f0b8db04..8faca945 100644
@@ -6,6 +6,11 @@ propellor (5.5.0) UNRELEASED; urgency=medium
* Added Systemd.escapePath helper function useful when creating mount
* Added Sudo.sudoersDFile property.
+ * Sudo.enabledFor: Write to /etc/sudoers.d/000users rather than to
+ /etc/sudoers. (Any old lines it wrote to /etc/sudoers will be removed.)
+ This fixes a potential ordering problem; the property used to append
+ the line to /etc/sudoers, but that would override more specific lines
+ in the include directory.
-- Joey Hess <email@example.com> Thu, 09 Aug 2018 10:54:41 -0400