How to programmatically add secure_path in sudoers file
Solution 1:
If you can live with replacing the secure_path value instead of appending it, you can use a much easier solution. Usually sudo has a config directory like /etc/sudoers.d where you can drop additional configuration files.
Just create a file there with your complete secure_path value:
Defaults secure_path="<default value>:/usr/local/bin"
This overwrites the value from the main config. If the path value is the same for all your machines this can easily be deployed with scripts or a package.
This has the additional advantage that you don't have to check and possibly merge config files when the sudo package is updated in the future.
Solution 2:
Assuming you know the line with secure_path exists, a simple sed command will do this:
sed -i -e '/secure_path/ s[=.*[&:/usr/local/bin[' /etc/sudoers
Or, a bit more sophisticated (more syntax checking on the input):
sed -i -r -e '/^\s*Defaults\s+secure_path/ s[=(.*)[=\1:/usr/local/bin[' /etc/sudoers
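
Added example (not part of either answer): a shell version of Solution 2's append that goes a step further by handling a quoted secure_path value, skipping the edit when the directory is already listed, and checking the result with visudo -cf before the live file is replaced. The function names append_secure_path and update_sudoers are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Usage (as root): update_sudoers /etc/sudoers /usr/local/bin

# Print FILE with DIR appended to the active secure_path value.
# Handles quoted and unquoted values, skips commented-out lines, and
# leaves the line alone when DIR is already listed (safe to rerun).
append_secure_path() {
    file=$1 dir=$2
    awk -v dir="$dir" '
        /^[ \t]*Defaults[ \t]+secure_path[ \t]*=/ {
            eq = index($0, "=")
            head = substr($0, 1, eq); val = substr($0, eq + 1)
            match(val, /^[ \t]*"?/)      # leading blanks, optional opening quote
            pre = substr(val, 1, RLENGTH); val = substr(val, RLENGTH + 1)
            sub(/[ \t]+$/, "", val)      # trailing blanks
            post = ""
            if (val ~ /"$/) {            # keep the closing quote at the end
                post = "\""; val = substr(val, 1, length(val) - 1)
            }
            if (index(":" val ":", ":" dir ":") == 0) val = val ":" dir
            $0 = head pre val post
        }
        { print }
    ' "$file"
}

# Write the result to a temp file, syntax-check it with visudo -cf,
# and only then copy it over FILE (cp keeps the owner and mode of FILE).
update_sudoers() {
    file=${1:-/etc/sudoers} dir=${2:-/usr/local/bin}
    tmp=$(mktemp) || return 1
    append_secure_path "$file" "$dir" > "$tmp" &&
        visudo -cf "$tmp" &&
        cp "$tmp" "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

If visudo rejects the generated file, the original sudoers file is left untouched and the function returns a non-zero status.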