Announcement

**Snowhog** · May 03, 2016, 05:01 PM

What is it you are trying to accomplish?

**vinnywright** · May 03, 2016, 06:52 PM

is your file mode 0440 (owner read, group read , others forbidden , owner root group root) ,,,,,,

did you use visudo to make it ?

EDIT: ,,,look at /etc/sudoers and uncoment the line "#includedir /etc/sudoers.d"

VINNY

**oshunluvr** · May 04, 2016, 08:25 AM

Paul: Using apt and apt-get and those two other from the CLI without entering my password.

Vinny: Yes, I used visudo -f and the permissions are correct. If you try and remover the remark hash from that line it causes an error in the sudoers file and visudo advises you not to save it. I believe the comment is there to remind you not to edit sudoers and to instead do what I did - create the file in /etc/sudoers.d.

The reason I posted this is the configuration is exactly the same as I have it in 15.04. There it works. Here on 16.04 it does not. I wondered if anyone else had tried this and had success before I continued to dig.

**oshunluvr** · May 04, 2016, 08:35 AM

BTW, unrelated to this thread I just had a glitch due to a monitor blanking that caused me to have to log out. Once I had the keyboard and mouse weren't being read. So I pushed the power button, the system shut itself down, I rebooted, logged in, all in less than a single minute! Wow, this 16.04 is really much quicker than previous versions. I get the plymouth "pulse" of blue with the Kubuntu logo exactly once before it moves past plymouth.

**Snowhog** · May 04, 2016, 12:36 PM

Originally posted by oshunluvr View Post

The reason I posted this is the configuration is exactly the same as I have it in 15.04. There it works. Here on 16.04 it does not. I wondered if anyone else had tried this and had success before I continued to dig.

I'll fire up my 16.04 VM and check this out.

**Snowhog** · May 04, 2016, 01:10 PM

Originally posted by oshunluvr View Post

Vinny: Yes, I used visudo -f and the permissions are correct. If you try and remover the remark hash from that line it causes an error in the sudoers file and visudo advises you not to save it. I believe the comment is there to remind you not to edit sudoers and to instead do what I did - create the file in /etc/sudoers.d.

No, that is not the reason. The line #includedir /etc/sudoers.d is a directive; It isn't a commented line. Check out the man page -- man sudoers -- and search for #includedir.

According to the man page:

When sudo reaches this line it will suspend processing of the current file (/etc/sudoers) and switch to /etc/sudoers.local. Upon reaching the end of /etc/sudoers.local the rest of /etc/sudoers will be processed. Files that are included may themselves include other files. A hard limit of 128 nested include files is enforced to prevent include file loop.

So it would seem to me that your (apt) needs to be renamed to sudoers.apt (located in /etc), and that it would get processed with the entry #include sudoers.apt in sudoers.local, i.e:

/etc/sudoers.local contains:

#include sudoers.apt

That's how I interpret it.

**sithlord48** · May 04, 2016, 04:06 PM

sweet a C style include so is // or /* */ treated as a line/ block comment? Who does that ? i mean really just about ever other config uses the # as a comment way to screw with the users sudo devs..

**oshunluvr** · May 04, 2016, 04:22 PM

So why so I have to build yet another sudoers location and add another directive? Why can't we use the one already provided for this purpose - /etc/sudoers.d ??

The README in /etc/sudoers.d/

stuart@office:~$ sudo cat /etc/sudoers.d/README
#
# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
# installation of the package now includes the directive:
#
# #includedir /etc/sudoers.d
#
# This will cause sudo to read and parse any files in the /etc/sudoers.d
# directory that do not end in '~' or contain a '.' character.
#
# Note that there must be at least one file in the sudoers.d directory (this
# one will do), and all files in this directory should be mode 0440.
#
# Note also, that because sudoers contents can vary widely, no attempt is
# made to add this directive to existing sudoers files on upgrade. Feel free
# to add the above directive to the end of your /etc/sudoers file to enable
# this functionality for existing installations if you wish!
#
# Finally, please note that using the visudo command is the recommended way
# to update sudoers content, since it protects against many failure modes.
# See the man page for visudo for more information.
#

Note the bold text which states "any files" which also leads me to believe the naming is not critical. Either that or this is the most poorly worded README Debian has put out. Also note the inclusion of a period in the filename prevents it from being read (in this directory) so I don't agree that using sudoers.apt will work, unless you go through the unnecessary (IMO) extra step of creating yet another directory for extra sudoers files.

Finally, as I stated - I have configured 16.04 in exactly the same way as I did in 15.04 and it works in 15.04 but not in 16.04.

I will try the suggestion as a test, but clearly - to me at least - there is a bug if it worked in 15.04 but doesn't in 16.04 unless they configured it differently and did not document it.

**oshunluvr** · May 04, 2016, 04:37 PM

I have tried the following:

1. Added a directive line pointing directly to my apt file - #include /etc/sudoers.d/apt
2. Added a directive pointing to an additional location as suggested - #includedir /etc/sudoers.local
3. Copied the apt file to /etc/sudoers.local/sudoers.apt as suggested.

Still does not work.

I even rebooted, although I doubt that's necessary.

**Snowhog** · May 04, 2016, 06:40 PM

If I understand correctly, you are trying to (have done previously) create specific command aliases that can run without being prompted for the elevated privileges password. If so, then maybe Command Aliases is appropriate?

**oshunluvr** · May 04, 2016, 09:10 PM

There is clearly something wrong with my install, not with my edits. I re-booted into 15.04 and re-did /etc/sudoers.d/apt - works like a charm as it always did. Then I booted my 16.04 VM and created /etc/sudoers.d/apt and IT works like a charm. Still here - nothing.

Same file contents on all three install with different results on just this one. I may have to do another 16.04 install on this machine and test it next.

**sithlord48** · May 05, 2016, 06:40 AM

with your third attempt did you try /etc/sudoers.local/apt (without the . )

**oshunluvr** · May 05, 2016, 07:22 AM

No, but everything I've tried works everywhere I've tried it except on this one install. I honestly don't think it's a problem with sudoers or any of the associated functionality. The problem is with this particular installation.

I'm past re-attempting more with this install as clearly it just doesn't work. I'm trying to figure out if there's a way to trace what's happening (or not) but I've had no luck. visudo parses all the files when doing a check and reports no issues. I've even re-built the apt file in hopes the problem was a non-printing character. I also re-built to apt file on the 15.04 install several times using different ways to accomplish the same thing and they ALL worked but NONE of them work here.

I'm curious to see if the file is being read and just ignored or if it's not being read at all. I may have time Saturday morning to do a second install of 16.04 on this machine and see if it's just a fluke.

**oshunluvr** · Jul 08, 2016, 08:52 AM

Update on this issue: New 16.04 install and it still doesn't work. However, when I changed the hostname from "office" to "ALL" is worked. So it appears the problem lies somewhere with sudoers reading the hostname. As I stated several times, using "office" in the sudoers file works in 15.04. I posted a bug here: https://bugs.launchpad.net/ubuntu/+s...e/+bug/1584549 but it appears no one has looked at it yet.

Announcement

sudoers edits not working?

sudoers edits not working?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment