File in /etc/sudoers.d/ not recognized
Apparently, the files that are included in the /etc/sudoers file must have 0440 permissions for security reasons. That way only root can edit the file and only the owner and members of the owner group can read it, making it less likely that the file will be used as an attempt to escalate privileges.
You can check the requirements on the included file in /etc/sudoers.d/README, but two other requirements are that the filename shouldn't start with a . (hidden files) or end with a ~ (convention for backup files).
Credits to @steeldriver for confirming the theory and finding the /etc/sudoers.d/README file!
In my CentOS 7, the system would not recognize the file if it had a dot in its name. For instance:
/etc/sudoers.d/user.perms # This file doesn't work
/etc/sudoers.d/userperms # This file does
The problem was not, as answered by IanC, caused by the file permissions (sudo happily accepts a file owned by root:root 0644, as I can confirm now, although it should of course be root:root 0440 for security reasons!), but by a newline at the end of the file which was preceded by a Windows-style line ending (\r\n).
sudo only accepts \n as line endings.
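
A lint for the conditions the answers above describe (file name, mode, line endings), added here as an example and not part of any answer. `check_sudoers_dropin` is a hypothetical helper name, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: lint a sudoers drop-in against the conditions named in the answers.
# check_sudoers_dropin is a hypothetical helper, not part of sudo.
# Assumes GNU stat (stat -c), as shipped on Ubuntu and CentOS.
# Usage: check_sudoers_dropin /etc/sudoers.d/userperms
# Exit status is the number of findings (0 means none).

check_sudoers_dropin() {
    file=$1
    findings=0
    name=$(basename -- "$file")

    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 1
    fi

    # Names containing '.' (this covers hidden files) or ending in '~'
    # are skipped when the directory is included.
    case $name in
        *.*) echo "$name: name contains '.', file is skipped"
             findings=$((findings + 1)) ;;
        *~)  echo "$name: name ends in '~', file is skipped"
             findings=$((findings + 1)) ;;
    esac

    # Mode the README asks for: 0440 (stat prints it as 440).
    mode=$(stat -c '%a' -- "$file")
    if [ "$mode" != "440" ]; then
        echo "$name: mode is $mode, expected 440"
        findings=$((findings + 1))
    fi

    # Windows-style \r\n line endings: look for any carriage return.
    cr=$(printf '\r')
    if grep -q "$cr" -- "$file"; then
        echo "$name: contains carriage returns (\\r\\n line endings)"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Once the lint is clean, `visudo -cf FILE` checks the syntax of the same file.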