Wanted: interesting sudoers

I’ve learned a lot about sudo while writing Sudo Mastery. One of the things I’ve learned is that many, many people have insecure sudo policies. Most tutorials, mine included, leave holes people who understand sudo can get through. I’ve also learned that many people are using sudo much more cleverly than I previously thought.

Sudo is perhaps the most widely used access control tool for Unix-like systems. I’d like this book to be accurate and useful. As such, I have a favor to ask my readers:

If you’re using sudo in production, and your sudoers file is pleasant and elegant, or it cleverly solves an tricky access problem, or it’s a horrible ghastly nightmare but you don’t know any other way to express the policy, I’d like you to send me a sanitized copy of your sudoers file.

I’m especially interested in “default deny” policies, where the word ALL doesn’t appear in the command field.

Don’t include real usernames or IP addresses.

And don’t send me anything you’re uncomfortable sharing.

I won’t cut-and-paste your policies, and anything I use will be further anonymized. But the world of sudo is huge, and there’s very little really good examples out there. The more good policies I read, the better the book will be.

You can email them to me at mwlucas at michael w lucas dotcom. Please use the word sudoers in the subject.

Thank you for your help.

Comments are closed.