Sudo directive in /etc/sudoers.d doesn't work (but it's fine if it's in /etc/sudoers)
5,623
I found out the problem - for files in /etc/sudoers.d, the file must not end at the directive, but on a new line. This is most easily shown with cat -A
.
Invalid file:
root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.shroot@server:/etc/sudoers.d#
Valid file:
root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.sh$
root@server:/etc/sudoers.d#
Author by
Ben Holness
Updated on September 18, 2022Comments
-
Ben Holness over 1 year
I wish to add a file to the
/etc/sudoers.d
folder that includes a directive to allowwww-data
to run one specific script with no root password.The directive is
www-data ALL=(ALL) NOPASSWD: /path/to/script.sh
If I
visudo
and add it to/etc/sudoers
, there is no problem.If I put that line in a file and copy it to
/etc/sudoers.d
, thenvisudo
, it tells me that the file has a 'syntax error near line 1'.Is there something else I need to put in the file, or something else I need to do to make it work?
I am running Ubuntu 18.
Thanks!
-
Manikandan Ram over 4 yearsIf you want the script to run at any interval, You can go for cron..
-
Ben Holness over 4 yearsI do not want the script to run at an interval, only as and when called from the webapp (which is likely to be once or so a year)
-
Hauleth over 4 yearsJust in case, file without newline at the end is incorrect UNIX text file.
-
Ben Holness over 4 years@Hauleth - as per the answer (which I can't accept until tomorrow), that was indeed the problem!
-
Dumitru over 4 yearsvisudo also has the -f flag you can use to edit a specific file. That way you can be sure that your files are always correct.
-
-
muru over 4 yearsi.e., the file must be a valid text file. If your file doesn't end in a newline, it's not a valid text file.
-
Ben Holness over 4 yearsI had no idea that no newline meant it was an invalid text file - I just pasted the line into a file and saved it!
-
muru over 4 yearsDid you use nano or Vim?
-
Ben Holness over 4 yearsNeither, the file exists within my project and I used the IDE editor (PHPStorm) to create the file, which was then deployed to the staging server and copied to
/etc/sudoers.d
for testing -
muru over 4 yearsBlame the lame editor then. Any decent Unix editor will add that final newline if it's missing.
-
Ben Holness over 4 yearsIt's not a Unix editor, but I will still send feedback!