Sunday, 24 October 2010

/etc/sudoers.d

The default /etc/sudoers file in Squeeze has a new directive:

#includedir /etc/sudoers.d 

that lets you make changes to sudo without editing the stock /etc/sudoers file.

There are a few gotchas about using it:

  1. Files in /etc/sudoers.d that end in ~ (that’s a tilde in case it renders as a dash) or contain a . (period) character will be ignored.
  2. Files in /etc/sudoers.d must have 0440 permissions. So after you create your file, do a
    chmod 0440 {filename}
    on it.
  3. The directive itself in /etc/sudoers should be the last line. Otherwise it seems to get overridden by whatever follows.
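
A check for gotchas 1 and 2 above, as an added example that is not part of the original post. The function names and the sample file names (other than 99shutdown) are constructed for illustration, and the script assumes GNU stat as on Debian, with BSD stat as a fallback.

```shell
#!/bin/sh
# Added example: audit a sudoers include directory for files sudo will skip
# (name ends in ~ or contains a .) or that do not have mode 0440.

# audit_sudoers_d DIR -> prints one "STATUS name" line per file;
# returns 1 if any file would be skipped or has the wrong mode.
audit_sudoers_d() {
    dir=$1 rc=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        name=${f##*/}
        case $name in
            *~)  echo "SKIPPED $name (ends in ~)"; rc=1; continue ;;
            *.*) echo "SKIPPED $name (contains a .)"; rc=1; continue ;;
        esac
        # GNU stat first (Debian), BSD stat as a fallback.
        mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
        if [ "$mode" = 440 ]; then
            echo "OK $name"
        else
            echo "BADMODE $name (is $mode, want 440)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample directory, used only to demonstrate the function.
make_sample_dir() {
    d=$(mktemp -d)
    for n in 10admins 99shutdown 99shutdown~ local.conf; do
        echo '# constructed sample' > "$d/$n"; chmod 0440 "$d/$n"
    done
    chmod 0644 "$d/10admins"             # deliberately wrong mode
    echo "$d"
}

# Audit the directory given as $1, or the constructed sample if none is given.
if [ -n "${1:-}" ]; then
    audit_sudoers_d "$1"
else
    s=$(make_sample_dir); audit_sudoers_d "$s" || true; rm -rf "$s"
fi
```

Run it as root with /etc/sudoers.d as the argument; a non-zero exit status means at least one file needs renaming or a chmod.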

At this point I don’t know in what order the files are read, but I suspect it’s in alphabetical order. So, for the moment I am using numbers (e.g., 99shutdown) to enforce the desired order.

Complete info at http://www.sudo.ws/sudo/sudoers.man.html.