[Bug 580801] Re: Default /etc/sudoers file overwrites /etc/sudoers.d for 'admin' users

caludo 580801 at bugs.launchpad.net
Wed Dec 21 14:40:16 UTC 2011 

This still happens for me on oneiric.

The #includedir directive *is* on the last line in /etc/sudoers, but the
settings in the file /etc/sudoers.d/sometest are still overwritten by
the rules /preceding/ it.

sudo -l gives:

Matching Defaults entries for paul on this host:
    env_reset

User paul may run the following commands on this host:
    (ALL) ALL
    (root) NOPASSWD: /sbin/mount

Trying to run "sudo /sbin/mount" still results in sudo asking for a
password.

When I move the line from /etc/sudoers.d/sometest to the /etc/sudoers
file it works.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/580801

Title:
  Default /etc/sudoers file overwrites /etc/sudoers.d for 'admin' users

Status in sudo:
  Opinion
Status in “sudo” package in Ubuntu:
  Incomplete

Bug description:
  Binary package hint: sudo

  I was trying to make truecrypt to mount encrypted container without
  asking my user's password after I provided my truecrypt password and
  found out that I need to modify my 'sudo' configuration. After reading
  bit more about sudo configuration I found out that custom
  configuration should be placed in '/etc/sudoers.d' instead of
  modifying the default '/etc/sudoers' file. I found out that my custom
  setting did not worked any user who is member of the group 'admin',
  but worked find for any other user. I found that last line '%admin
  ALL=(ALL) ALL' in default '/etc/sudoers' file overwrites any setting
  set in '/etc/sudoers.d'. I fixed it by moving the '#includedir
  /etc/sudoers.d' to be the last line. I am attaching my patch. I think
  that this should be fixed in default configuration file because I
  believe this file will get overwritten during the next 'sudo' upgrade.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: sudo 1.7.2p1-1ubuntu5
  ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-22-generic i686
  Architecture: i386
  Date: Fri May 14 20:05:14 2010
  EcryptfsInUse: Yes
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_US.utf8
   SHELL=/bin/bash
  SourcePackage: sudo
  VisudoCheck: /etc/sudoers: parsed OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/sudo/+bug/580801/+subscriptions

More information about the foundations-bugs mailing list