It's single, self-contained shell script. If it's not packaged for one's distro, amd they don't know how to replace a command and keep it updated, then this shim is not for them, and that is ok.
For the technically inclined who like challenges, creating a distro package of this shim is the "hello world" equivalent for packaging.
The purpose is to allow users access by ldap criteria like group so the sodoers file need not be edited on each and every server.
https://www.sudo.ws/docs/man/sudoers.ldap.man/
Yeah, that’s not something I would expect a core until to do.
I would expect another system to query ldap.
> That is scary! I may need to look more at openbsd
Very useful when you're running fleets of systems that are more pet than cattle.
Ubuntu/Debian are moving to sudo using SSS to talk to LDAP (versus the current sudo-ldap package).
There's a Linux port of doas named OpenDoas
Distros come with sudo. Scripts assume sudo. Complexity exists there.
solved long ago. https://github.com/jirutka/doas-sudo-shim/
so do I uninstall sudo from my distro? What do I do on upgrade? This shim is available from alpine package manager, can I get it anywhere else?
It's single, self-contained shell script. If it's not packaged for one's distro, amd they don't know how to replace a command and keep it updated, then this shim is not for them, and that is ok.
For the technically inclined who like challenges, creating a distro package of this shim is the "hello world" equivalent for packaging.