File in /etc/sudoers.d/ not recognized
Running a fresh install of Ubuntu server 16.04.1, I tried to add a file in /etc/sudoers.d/ to give one user root privileges for a certain command. I added the file /etc/sudoers.d/servicetest with the following content:

    servicetest ALL = (root) NOPASSWD: /bin/systemctl status *

The file /etc/sudoers is left untouched. It contains #includedir /etc/sudoers.d as the last line.

This setup is unfortunately not working: when executing an appropriate command with sudo as the user servicetest, I am still asked for the password. However, if I move the content of the file /etc/sudoers.d/servicetest to the end of /etc/sudoers, everything works as expected.

What could be the cause of this issue? How can I get files in /etc/sudoers.d/ working?
In my CentOS 7, the system would not recognize the file if it had a dot in its name. For instance:
/etc/sudoers.d/user.perms # This file doesn't work
/etc/sudoers.d/userperms # This file does
Apparently, the files that are included in the /etc/sudoers file must have 0440 permissions for security reasons. That way only root can edit the file and only the owner and members of the owner group can read it, making it less likely that the file will be used as an attempt to escalate privileges.

You can check the requirements on the included file in /etc/sudoers.d/README, but two other requirements are that the filename shouldn't start with a . (hidden files) or end with a ~ (convention for backup files).

Credits to @steeldriver for confirming the theory and finding the /etc/sudoers.d/README file!
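As an added example (not code from the question or either answer), here is a small POSIX shell check that lints a sudoers.d directory against the include rules described above: names containing a '.' or ending in '~' are skipped by #includedir, and included files must be mode 0440. The function name check_sudoers_dir and the directory argument are my own choices; it runs on any directory, so it can be tried on a scratch copy first.

```shell
#!/bin/sh
# Added example: report files in a sudoers.d-style directory that sudo will
# skip (name contains '.' or ends with '~') or that are not mode 0440.
# Prints one finding per line plus a summary; returns 0 only if clean.
check_sudoers_dir() {
  dir="$1"
  bad=0
  for f in "$dir"/*; do
    [ -e "$f" ] || continue          # empty directory: glob stays literal
    name=$(basename "$f")
    case "$name" in
      *.*)
        echo "SKIPPED by sudo: $name (name contains a '.')"
        bad=$((bad + 1)); continue ;;
      *~)
        echo "SKIPPED by sudo: $name (name ends with '~')"
        bad=$((bad + 1)); continue ;;
    esac
    # GNU stat first, BSD/macOS stat as a fallback; both print octal mode
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    if [ "$mode" != "440" ]; then
      echo "BAD MODE: $name is $mode, expected 0440"
      bad=$((bad + 1))
    fi
  done
  echo "$bad problem(s) found in $dir"
  [ "$bad" -eq 0 ]
}
```

Run it as `check_sudoers_dir /etc/sudoers.d`; it does not parse the files themselves, so follow up with `visudo -c -f FILE` on any file it does not flag.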