So, one of the things that my RPM install has to do is to modify /etc/sudoers . I could have written code that would have simply overwritten the target system's /etc/sudoers file with my own copy, but this doesn't seem right to me. My reasoning goes like this: this file is not exclusively mine to control, and I want to allow other {things} that use this system to be able to use /etc/sudoers too. Quite frankly, the thought of just blindly overwriting a file like /etc/sudoers makes my skin crawl.
One of the things that my code has to account for is that on the target OS the default version of sudo is old enough so that it won't work with a directory like /etc/sudoers.d . My code is pretty much limited to updating the sudo subsystem via the file /etc/sudoers -- that's it.
Another thing that my code has to account for is this: I anticipate that future versions of the ${project} will have further updates for /etc/sudoers. So, the RPM install is going to have to be flexible enough to be able to deal with a never-modified-by-my-code version of /etc/sudoers, as well as an already-modified-by-my-code version of /etc/sudoers.
I let my mind get creative when coming up with a solution to this problem. Naturally, I used one of my favorite tools to solve this problem: Perl.
Here is the solution I came up with:
perl -i -ne '
# clean out whatever is there in the first place
print if (! (/# XYZ Project BEGIN machine-generated section DO NOT MODIFY/
..
/# XYZ Project END machine-generated section DO NOT MODIFY/));
if (eof) {
print <<'EOF'
# XYZ Project BEGIN machine-generated section DO NOT MODIFY
tomcat ALL= /usr/sbin/dmidecode
# XYZ Project END machine-generated section DO NOT MODIFY
EOF
;
} ' /etc/sudoers
In the next version of the RPM install, if somebody needs to update the stanza in the sudoers file, all they need to do is update the "here-document" here in this code, and they're done. Very easy!
So, there you have it: a clean, reliable, easy-to-understand, one-pass solution to the problem at hand. I'm a big fan of solutions like this.
No comments:
Post a Comment