Sudo directive in /etc/sudoers.d doesn't work (but it's fine if it's in /etc/sudoers)


I found out the problem - for files in /etc/sudoers.d, the file must not end at the directive, but on a new line. This is most easily shown with cat -A.

Invalid file:

root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.shroot@server:/etc/sudoers.d#

Valid file:

root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.sh$
root@server:/etc/sudoers.d#

Author: Ben Holness

Updated on September 18, 2022
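
Added example, not part of the original answer: a deploy-time check that would have caught the file shown above before it reached /etc/sudoers.d. It tests for the final newline explicitly, then lets `visudo -c -f` check the candidate copy. The function names and the SUDOERS_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-install checks for a sudoers.d drop-in.
# Function names and the SUDOERS_DIR override are illustrative assumptions.

# Succeeds only if the last byte of the file is a newline
# (the "$" that cat -A prints at the end of the valid file).
ends_with_newline() {
    [ $(tail -c 1 "$1" 2>/dev/null | wc -l) -eq 1 ]
}

# Append the final newline when the editor left it out.
ensure_trailing_newline() {
    ends_with_newline "$1" || printf '\n' >> "$1"
}

# install_dropin CANDIDATE NAME
# Return codes: 2 bad name, 3 no trailing newline, 4 visudo missing or rejected.
install_dropin() {
    src=$1 name=$2 dir=${SUDOERS_DIR:-/etc/sudoers.d}

    # sudoers(5): files whose names contain "." or end in "~" are skipped.
    case $name in
        *.*|*~) echo "$name: sudo would skip this file name" >&2; return 2 ;;
    esac

    ends_with_newline "$src" || {
        echo "$src: does not end in a newline" >&2; return 3
    }

    # Check syntax on the candidate copy, never on the live directory.
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 4; }
    visudo -c -f "$src" >/dev/null || return 4

    # Requires root; sudoers files are conventionally mode 0440, owner root.
    install -m 0440 -o root -g root "$src" "$dir/$name"
}

# Typical use, as root:  install_dropin ./testfile testfile
```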

Comments

  • Ben Holness
    Ben Holness over 1 year

    I wish to add a file to the /etc/sudoers.d folder that includes a directive to allow www-data to run one specific script with no root password.

    The directive is

    www-data ALL=(ALL) NOPASSWD: /path/to/script.sh
    

    If I visudo and add it to /etc/sudoers, there is no problem.

    If I put that line in a file and copy it to /etc/sudoers.d, then visudo, it tells me that the file has a 'syntax error near line 1'.

    Is there something else I need to put in the file, or something else I need to do to make it work?

    I am running Ubuntu 18.

    Thanks!

    • Manikandan Ram
      Manikandan Ram over 4 years
      If you want the script to run at any interval, you can go for cron.
    • Ben Holness
      Ben Holness over 4 years
      I do not want the script to run at an interval, only as and when called from the webapp (which is likely to be once or so a year)
    • Hauleth
      Hauleth over 4 years
      Just in case: a file without a newline at the end is an incorrect UNIX text file.
    • Ben Holness
      Ben Holness over 4 years
      @Hauleth - as per the answer (which I can't accept until tomorrow), that was indeed the problem!
    • Dumitru
      Dumitru over 4 years
      visudo also has the -f flag you can use to edit a specific file. That way you can be sure that your files are always correct.
  • muru
    muru over 4 years
    i.e., the file must be a valid text file. If your file doesn't end in a newline, it's not a valid text file.
  • Ben Holness
    Ben Holness over 4 years
    I had no idea that no newline meant it was an invalid text file - I just pasted the line into a file and saved it!
  • muru
    muru over 4 years
    Did you use nano or Vim?
  • Ben Holness
    Ben Holness over 4 years
    Neither, the file exists within my project and I used the IDE editor (PHPStorm) to create the file, which was then deployed to the staging server and copied to /etc/sudoers.d for testing
  • muru
    muru over 4 years
    Blame the lame editor then. Any decent Unix editor will add that final newline if it's missing.
  • Ben Holness
    Ben Holness over 4 years
    It's not a Unix editor, but I will still send feedback!