Sunday, 24 October 2010
/etc/sudoers.d
The default /etc/sudoers file in Squeeze has a new directive:
#includedir /etc/sudoers.d
that lets you make changes to sudo without editing the stock /etc/sudoers file.
There are a few gotchas about using it:
- Files in /etc/sudoers.d that end in ~ (that’s a tilde in case it renders as a dash) or contain a . (period) character will be ignored.
- Files in /etc/sudoers.d must have 0440 permissions. So after you create your file, do a chmod 0440 {filename} on it.
- The directive itself in /etc/sudoers should be the last line. Otherwise it seems to get overridden by whatever follows.
At this point I don’t know in what order the files are read, but I suspect it’s in alphabetical order. So, for the moment I am using numbers (e.g., 99shutdown) to enforce the desired order.
Complete info at http://www.sudo.ws/sudo/sudoers.man.html.
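The name and permission gotchas listed above can be checked mechanically. The script below is an added example, not part of the original post or of sudo itself; the function names, output labels and exit codes are its own.

```shell
#!/bin/sh
# Added example: audit a sudoers include directory for the gotchas above.
# Function names, labels and exit codes are this example's own.

# Return 0 if sudo would read a file with this name, 1 if it would skip it
# (name ends in "~" or contains a "." character).
sudoers_name_ok() {
    case "$1" in
        *"~"|*.*) return 1 ;;
        *)        return 0 ;;
    esac
}

# Print the octal permission bits of a file (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Check every regular file in a directory (default /etc/sudoers.d).
# Prints one line per file; returns 0 only if nothing was flagged.
audit_sudoers_d() {
    dir=${1:-/etc/sudoers.d}
    bad=0
    # The second glob picks up hidden files, which contain a period too.
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if ! sudoers_name_ok "$name"; then
            echo "IGNORED  $name (ends in ~ or contains a period)"
            bad=1
            continue
        fi
        mode=$(file_mode "$f")
        if [ "$mode" != "440" ]; then
            echo "BADMODE  $name (mode 0$mode, expected 0440)"
            bad=1
        else
            echo "OK       $name"
        fi
    done
    return "$bad"
}
```

Source the file and call audit_sudoers_d with no argument to check /etc/sudoers.d. Running visudo -c -f {filename} afterwards checks the syntax of a single file.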
Wednesday, December 1, 2010 - 17:20:21
chmod and not chown :-D
Wednesday, December 1, 2010 - 18:20:15
@Arnaud: Doh! Thanks and fixed.
Monday, February 7, 2011 - 01:32:48
So what is the format of the files that you put in /etc/sudoers.d? Can you give an example? Thanks!
Monday, February 7, 2011 - 19:09:28
@Pablo AFAIK, whatever you place in an /etc/sudoers.d/{file} is just read and parsed as though it were part of the main sudoers file. So anything you might put into the /etc/sudoers:
can be placed in e.g. /etc/sudoers.d/99shutdown instead.