File in /etc/sudoers.d/ not recognized

Running a fresh install of Ubuntu server 16.04.1, I tried to add a file in /etc/sudoers.d/ to give one user root privileges for a certain command.

I added the file /etc/sudoers.d/servicetest with the following content:

servicetest ALL = (root) NOPASSWD: /bin/systemctl status *

The file /etc/sudoers is left untouched. It contains #includedir /etc/sudoers.d as the last line. This setup is unfortunately not working: when executing an appropriate command with sudo as the user servicetest, I am still asked for the password. However, if I move the content of the file /etc/sudoers.d/servicetest to the end of /etc/sudoers, everything is working as expected.

What could be the cause of this issue? How can I get files in /etc/sudoers.d/ working?


In my CentOS 7, the system would not recognize the file if it had a dot in its name. For instance:

/etc/sudoers.d/user.perms                  # This file doesn't work
/etc/sudoers.d/userperms                   # This file does

Apparently, the files that are included in the /etc/sudoers file must have 0440 permissions for security reasons. That way only root can edit the file and only the owner and members of the owner group can read it, making it less likely that the file will be used as an attempt to escalate privileges.

You can check the requirements for included files in /etc/sudoers.d/README, but two other requirements are that the filename shouldn't start with a . (hidden files) or end with a ~ (convention for backup files).

Credits to @steeldriver for confirming the theory and finding the /etc/sudoers.d/README file!
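
The naming and mode rules from the two answers above, combined into one check. This is an added example, not part of the original posts: the function names are hypothetical, the sample files are constructed, `stat -c` assumes GNU or busybox stat, and the strict 440 comparison follows the mode the answer names.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; `stat -c` assumes GNU/busybox stat.

# check_dropin FILE: print one line per rule FILE breaks, nothing if it passes.
check_dropin() {
    f=$1
    name=${f##*/}
    case $name in
        *~)  echo "$name: ends with '~' (backup-file convention)" ;;
        *.*) echo "$name: contains a '.'" ;;   # also covers hidden files
    esac
    mode=$(stat -c '%a' "$f") || return 2
    [ "$mode" = "440" ] || echo "$name: mode is $mode, expected 440"
}

# audit_dir DIR: check every regular file in DIR, hidden ones included.
# Returns 0 only when no file was flagged.
audit_dir() {
    dir=$1
    bad=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        out=$(check_dropin "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample directory using the file names from this page.
demo=$(mktemp -d)
touch "$demo/userperms" "$demo/user.perms" "$demo/servicetest"
chmod 0440 "$demo/userperms" "$demo/user.perms"
chmod 0644 "$demo/servicetest"
audit_dir "$demo" || echo "fix the files listed above"
rm -rf "$demo"
```

On a real system, run `audit_dir /etc/sudoers.d` as root, and check a file's syntax with `visudo -cf <file>` before relying on it.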