Expand sudo configuration comments

2025-01-26 08:42:12 +08:00 · 2021-11-08 12:23:55 -06:00 · 2021-11-08 12:23:55 -06:00 · 193bdf3d12
commit 193bdf3d12
parent 70ea525df2
1 changed files with 18 additions and 1 deletions
--- a/postlfs/security/sudo.xml
+++ b/postlfs/security/sudo.xml
@ -215,11 +215,28 @@ ln -sfv libsudo_util.so.0.0.0 /usr/lib/sudo/libsudo_util.so.0</userinput></scree
        <systemitem class="username">root</systemitem> user:
      </para>

-<screen role="root"><userinput>cat &gt; /etc/sudoers.d/sudo &lt;&lt; "EOF"
+<screen role="root"><userinput>cat &gt; /etc/sudoers.d/00-sudo &lt;&lt; "EOF"
 <literal>Defaults secure_path="/usr/sbin:/usr/bin"
 %wheel ALL=(ALL) ALL</literal>
 EOF</userinput></screen>

+      <note>
+        <para>
+          In very simple installations where there is only one user, it
+          may be easier to just edit the <filename>/etc/sudoers</filename>
+          file directly.  In that case, the <varname>secure_path</varname>
+          entry may not be needed and using <command>sudo -E ...</command> can
+          import the non-privileged user's full environment into the 
+          privileged session.
+        </para>
+        
+        <para>
+          The files in the <filename class="directory">/etc/sudoers.d</filename> 
+          directory are parsed in sorted lexical order. Be careful that entries 
+          in an added file do not overwrite previous entries.
+        </para>
+      </note>
+
      <para>
        For details, see <command>man sudoers</command>.
      </para>