Add filename checking for visudo -f #255

Open
jorymil opened this issue Mar 17, 2023 · 4 comments

jorymil commented Mar 17, 2023

Hi folks,

After banging my head against a sudo issue for a couple of hours, I finally traced it back to... my sudoers.d file having a period in it. Any chance that a check could be added to visudo -f to warn people if they're editing a file that will be ignored?

I may be able to fix this myself, but getting the issue filed so I don't forget about it.

millert (Collaborator) commented Mar 17, 2023

The problem with this is that visudo has no way of knowing that you are editing a file that will be included via @includedir.

millert (Collaborator) commented Mar 17, 2023

Would it have been useful if "visudo -c" warned about files it was ignoring?

jorymil (Author) commented Mar 19, 2023

It certainly would have been useful to have "visudo -c" report on that! Sort of the sudo equivalent of an "apachectl configtest" or similar.

I hear you on the fact that visudo has no way to know whether a file is being included via @includedir. Are there circumstances where one might be editing something not in @includedir? That definitely seems like an edge case.

Ultimately this was a once-in-a-career mistake for me, but if I can help save others some time, it'd be really nice.

millert (Collaborator) commented Mar 21, 2023

I just pushed changes to "visudo -c" that may help with this:

# visudo -c
/etc/sudoers.d/foo.bak: ignoring editor backup file
/etc/sudoers.d/README.txt: ignoring file name containing '.'
/etc/sudoers: parsed OK

My concern with warning about editing any file with a '.' in it is that given a sudoers with a line like:

@include /etc/sudoers.%h

I don't think visudo should warn for:

# visudo -f /etc/sudoers.myhost
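
An added example, not part of the thread and not code from the sudo project: a standalone shell check for the failure mode discussed above, for hosts whose visudo does not yet print these warnings. It applies the rule from the sudoers manual (@includedir skips file names that end in '~' or contain a '.'). The function names `ignored_reason` and `check_includedir` are hypothetical, and the script assumes the directory you pass is one that sudoers actually references with @includedir. Files pulled in by a plain `@include` line, such as `/etc/sudoers.%h`, are never examined.

```shell
#!/bin/sh
# Added example: report files in a sudoers include directory that
# @includedir would silently skip. Rule (sudoers manual): names that end
# in '~' or contain a '.' are not read.

# ignored_reason NAME: print why NAME is skipped and return 0,
# or return 1 if the name is acceptable.
ignored_reason() {
    case "$1" in
        *"~") echo "name ends in '~'"; return 0 ;;
        *.*)  echo "name contains '.'"; return 0 ;;
    esac
    return 1
}

# check_includedir DIR: print one line per skipped regular file.
# Returns 0 if nothing is skipped, 1 if any file is skipped,
# 2 if DIR is not a directory.
check_includedir() {
    dir=$1
    skipped=0
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory" >&2
        return 2
    fi
    # Second glob picks up dotfiles, which also contain a '.'.
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue   # unmatched glob or non-regular file
        name=${path##*/}
        if reason=$(ignored_reason "$name"); then
            echo "$path: skipped by @includedir ($reason)"
            skipped=1
        fi
    done
    return "$skipped"
}
```

Run `check_includedir /etc/sudoers.d` after deploying a drop-in file; a non-zero status means at least one file there will not be read.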
