From 8690c09cc914da6ac3a6ba46ab3ba7690a344cf9 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 20 Aug 2018 18:00:13 -0400 Subject: Sudo.enabledFor: Write to /etc/sudoers.d/000users rather than to /etc/sudoers (Any old lines it wrote to /etc/sudoers will be removed.) This fixes a potential ordering problem; the property used to append the line to /etc/sudoers, but that would override more specific lines in the include directory. By putting it in a file that is included first, it'll come before all includes, without needing to parse the sudoers file in order to put it before the includedir line. Note that, if there is a more specific line for the user in /etc/sudoers before the includedir, it will be overridden by the line in /etc/sudoers.d/000users. But, this is not a behavior change from before, when the line was appended to the end. This commit was sponsored by Jeff Goeke-Smith on Patreon. --- debian/changelog | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index f0b8db04..8faca945 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,11 @@ propellor (5.5.0) UNRELEASED; urgency=medium * Added Systemd.escapePath helper function useful when creating mount units. * Added Sudo.sudoersDFile property. + * Sudo.enabledFor: Write to /etc/sudoers.d/000users rather than to + /etc/sudoers. (Any old lines it wrote to /etc/sudoers will be removed.) + This fixes a potential ordering problem; the property used to append + the line to /etc/sudoers, but that would override more specific lines + in the include directory. -- Joey Hess Thu, 09 Aug 2018 10:54:41 -0400 -- cgit v1.2.3