Strange sudoers problem.

Ralf Mardorf silver.bullet at zoho.com
Sun Jul 8 14:57:48 UTC 2018


On Sun, 8 Jul 2018 15:13:17 +0100, Tom H wrote:
>On Mon, Jul 2, 2018 at 8:11 PM Wynona Stacy Lockwood wrote:
>> I have an odd problem with sudoers. Recently, I've tried to make use
>> of /etc/sudoers.d/ rather than editing /etc/sudoers itself. This, in
>> theory, should ensure that future upgrades to sudo will not munge my
>> additions by leaving the stock /etc/sudoers intact. Research has led
>> me to believe that files in /etc/sudoers.d/ need to be dot files
>> (I.E. a "hidden" file) and need to be mode 0440. I have done both of
>> these things, however, the groups I define for sudo access in my
>> /etc/sudoers.d/.devops.sudoers file are not processed, even after a
>> reboot. Anyone else have this problem?  
>
>"/etc/sudoers.d/" files don't need to be dot-files. In fact, I doubt
>that dot-files are read. AFAIK, files including a dot aren't read; I
>assume that this includes a file that starts with a dot.
>
>It's best to use "visudo -f /etc/sudoers.d/<file>". Either $VISUAL or
>$EDITOR will be used, if set; otherwise vi'll be used.

If a global config file installed by a package was edited, dpkg does
notice this, by using a checksum of the last installed config file that
was installed by the package. Configs in $HOME are always kept
untouched. An edited config file will not be replaced by a new config
file; by default dpkg instead asks the administrator what to do.
It's possible to change the default behaviour with the --force-confnew or
--force-confold option.

Btw. mode 0440 isn't a smart way to make a file immutable, instead
the OP should consider making it really immutable, by using

  sudo chattr +i /path/file

Regarding the used editor I wouldn't export it globally, instead I
usually add

  export EDITOR="nano"

to

  $HOME/.bashrc
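
An added example, not part of the original message: a shell check for the naming rule Tom H describes, following sudoers(5), which documents that #includedir skips file names that end in `~` or contain a `.`. It also reports whether each file has the mode 0440 mentioned in the thread; the function names and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list which files in a sudoers.d-style directory would be
# read by #includedir, and which are silently skipped because of their name.

# sudoers_name_status NAME -> "read" or "skipped: <reason>"
sudoers_name_status() {
    case "$1" in
        *~)  echo "skipped: ends in ~" ;;
        *.*) echo "skipped: contains a dot" ;;   # covers leading-dot files too
        *)   echo "read" ;;
    esac
}

# mode_status PATH -> whether the permission bits are exactly 0440
mode_status() {
    if [ -n "$(find "$1" -prune -perm 0440 2>/dev/null)" ]; then
        echo "mode 0440"
    else
        echo "mode differs from 0440"
    fi
}

# audit_sudoers_dir DIR -> one tab-separated line per regular file,
# hidden files included, since those are the ones easy to overlook.
audit_sudoers_dir() {
    dir=$1
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue          # also drops unmatched globs
        name=${path##*/}
        printf '%s\t%s\t%s\n' "$name" \
            "$(sudoers_name_status "$name")" "$(mode_status "$path")"
    done
}

# Run against a directory given on the command line, e.g. /etc/sudoers.d
if [ "$#" -gt 0 ]; then
    audit_sudoers_dir "$1"
fi
```

A file reported as skipped never takes effect, whatever its mode; syntax can be checked separately with "visudo -c -f <file>".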




