In my Ubuntu 20.04 installation the /etc/sudoers.d directory has the following default files
1 2 | 99-snapd.confREADME |
So you would assume that creating a file such as 50-mysudo.conf with the contents needed to allow passwordless sudo would work
1 | jamesm ALL=(ALL:ALL) NOPASSWD:ALL |
But no!
So what rules you need to do to follow to have a working /etc/sudoers.d file. From the README in /etc/sudoers.d the file you drop into /etc/sudoers.d needs to comply with these rules:
1 2 3 4 5 | # This will cause sudo to read and parse any files in the /etc/sudoers.d # directory that do not end in '~' or contain a '.' character.# # Note that there must be at least one file in the sudoers.d directory (this# one will do), and all files in this directory should be mode 0440. |
If the file has '.' character i.e. 55-mysudo.conf it won't be picked up
If the file has the wrong permissions it won't be parsed either.
Notice the test file I created with touch test has 644 permissions which is incorrect:
1 2 3 4 5 6 7 | ls -alhtotal 28Kdrwxr-xr-x 2 root root 4.0K Jan 3 07:53 .drwxr-xr-x 144 root root 12K Jan 2 20:56 ..-r--r----- 1 root root 91 Jul 10 23:59 99-snapd.conf-r--r----- 1 root root 958 Feb 4 2020 README-rw-r--r-- 1 root root 0 Jan 3 07:53 test |
So you should create the file with visudo -f mysudo which will create the file with the right permissions of 0440
1 2 3 4 5 6 7 | ls -alhtotal 28Kdrwxr-xr-x 2 root root 4.0K Jan 3 07:57 .drwxr-xr-x 144 root root 12K Jan 2 20:56 ..-r--r----- 1 root root 91 Jul 10 23:59 99-snapd.conf-r--r----- 1 root root 0 Jan 3 07:57 mysudo-r--r----- 1 root root 958 Feb 4 2020 README |
Example of how to add a file to /etc/sudoer.d correctly
1 2 3 | cd /etc/sudoer.dvisudo -f mysudo# add the contents as per below and edit to taste |
The contents of mysudo
1 2 3 | # this is the content of 'mysudo' to allow passwordless sudo# jamesm is my linux usernamejamesm ALL=(ALL:ALL) NOPASSWD:ALL |
0 Comments