Ubuntu 20.04 files created in /etc/sudoers.d not working

In my Ubuntu 20.04 installation…

Login

Blog History

In my Ubuntu 20.04 installation the /etc/sudoers.d directory has the following default files

99-snapd.conf
README

So you would assume that creating a file such as 50-mysudo.conf with the contents needed to allow passwordless sudo would work

jamesm ALL=(ALL:ALL) NOPASSWD:ALL

But no!

So what rules you need to do to follow to have a working /etc/sudoers.d file. From the README in /etc/sudoers.d the file you drop into /etc/sudoers.d needs to comply with these rules:

# This will cause sudo to read and parse any files in the /etc/sudoers.d 
# directory that do not end in '~' or contain a '.' character.
# 
# Note that there must be at least one file in the sudoers.d directory (this
# one will do), and all files in this directory should be mode 0440.

If the file has '.' character i.e. 55-mysudo.conf it won't be picked up

If the file has the wrong permissions it won't be parsed either.

Notice the test file I created with touch test has 644 permissions which is incorrect:

ls -alh
total 28K
drwxr-xr-x   2 root root 4.0K Jan  3 07:53 .
drwxr-xr-x 144 root root  12K Jan  2 20:56 ..
-r--r-----   1 root root   91 Jul 10 23:59 99-snapd.conf
-r--r-----   1 root root  958 Feb  4  2020 README
-rw-r--r--   1 root root    0 Jan  3 07:53 test

So you should create the file with visudo -f mysudo which will create the file with the right permissions of 0440

ls -alh
total 28K
drwxr-xr-x   2 root root 4.0K Jan  3 07:57 .
drwxr-xr-x 144 root root  12K Jan  2 20:56 ..
-r--r-----   1 root root   91 Jul 10 23:59 99-snapd.conf
-r--r-----   1 root root    0 Jan  3 07:57 mysudo
-r--r-----   1 root root  958 Feb  4  2020 README

Example of how to add a file to /etc/sudoer.d correctly

cd /etc/sudoer.d
visudo -f mysudo
# add the contents as per below and edit to taste

The contents of mysudo

# this is the content of 'mysudo' to allow passwordless sudo
# jamesm is my linux username
jamesm ALL=(ALL:ALL) NOPASSWD:ALL


0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.