sudo creates the temporary file /etc/sudoers.tmp so that it can do an
atomic rename if the file has been modified. This is a nice thing to
guarantee, otherwise the file may not exist, or might exist in an
inconsistent state.
In particular, this avoids the scenario where sudo writes out some file
to the effect of:
    pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
But perhaps the stuff after the ',' hasn't been written yet. So pete
can change root's password, even though this is a legitimate way to
prevent it (taken straight from the sudoers manpage).
The only change I can see being made is to use the dirname of the file
being edited, rather than always using the dirname of the sudoers file.
http://bugs.debian.org/283161
visudo: please use /tmp or other location for temporary file
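The write-then-rename pattern the comment describes, as an added example that is not sudo's own code: the temporary file is created in the dirname of the file being replaced, because rename(2) only swaps names within one filesystem. The function name atomic_replace and the .edit.XXXXXX template are hypothetical.

```c
#define _XOPEN_SOURCE 700            /* mkstemp(), fchmod(), PATH_MAX */
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace `path` with `data` so that readers see either the old file or the
 * complete new one, never a partial write. Returns 0, or -1 with errno set. */
int atomic_replace(const char *path, const char *data, mode_t mode)
{
    char dirbuf[PATH_MAX], tmp[PATH_MAX];
    size_t len = strlen(data), off = 0;
    int fd, saved;

    /* dirname() may modify its argument, so it gets a copy of the path. */
    if (snprintf(dirbuf, sizeof dirbuf, "%s", path) >= (int)sizeof dirbuf ||
        /* Temp file sits beside the target: rename(2) cannot cross
         * filesystems (EXDEV), so a temp file in /tmp could not be renamed
         * onto a file in /etc when they are separate mounts. */
        snprintf(tmp, sizeof tmp, "%s/.edit.XXXXXX", dirname(dirbuf))
            >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if ((fd = mkstemp(tmp)) == -1)   /* exclusive create, mode 0600 */
        return -1;
    while (off < len) {
        ssize_t n = write(fd, data + off, len - off);
        if (n < 0 && errno != EINTR)
            goto fail;
        if (n > 0)
            off += (size_t)n;
    }
    /* Flush the data and set final permissions before the name is swapped. */
    if (fsync(fd) == -1 || fchmod(fd, mode) == -1 || rename(tmp, path) == -1)
        goto fail;
    return close(fd);
fail:
    saved = errno;
    close(fd);
    unlink(tmp);
    errno = saved;
    return -1;
}
```

If any step before rename() fails, the target is left untouched and the temporary file is removed, so a half-written rule never becomes the live file.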