Sunday, 24 October 2010
/etc/sudoers.d
The default /etc/sudoers
file in Squeeze has a new directive:
#includedir /etc/sudoers.d
that lets you make changes to sudo without editing the stock /etc/sudoers
file.
There are a few gotchas about using it:
- Files in
/etc/sudoers.d
that end in ~ (that’s a tilde in case it tenders as a dash) or contain a . (period) character will be ignored. - Files in
/etc/sudoers.d
must have 0440 permissions. So after you create your file, do a
chmod 0440 {filename}
on it. - The directive itself in
/etc/sudoers
should be the last line. Otherwise it seems to get overridden by whatever follows.
At this point I don’t know in what order the files are read, but I suspect it’s in alphabetical order. So, for the moment I am using numbers (e.g., 99shutdown
) to enforce the desired order.
Complete info at http://www.sudo.ws/sudo/sudoers.man.html.