20

I wish to add a file to the /etc/sudoers.d folder that includes a directive to allow www-data to run one specific script with no root password.

The directive is

www-data ALL=(ALL) NOPASSWD: /path/to/script.sh

If I visudo and add it to /etc/sudoers, there is no problem.

If I put that line in a file and copy it to /etc/sudoers.d, then visudo, it tells me that the file has a 'syntax error near line 1'.

Is there something else I need to put in the file, or something else I need to do to make it work?

I am running Ubuntu 18.

Thanks!

ZzZombo
Ben Holness

2 Answers

22

I found out the problem - for files in /etc/sudoers.d, the file must not end at the directive, but on a new line. This is most easily shown with cat -A.

Invalid file:

root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.shroot@server:/etc/sudoers.d#

Valid file:

root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.sh$
root@server:/etc/sudoers.d#
Ben Holness
3

According to the /etc/sudoers.d/README, the filename should not have the . symbol in its name. This was the issue for me -- I have used the .conf extension.

# This will cause sudo to read and parse any files in the /etc/sudoers.d 
# directory that do not end in '~' or contain a '.' character.

Files should also be in 0440 mode.

Thus, my solution was to rename the file:

sudo mv /etc/sudoers.d/50-jenkins.conf /etc/sudoers.d/50-jenkins
sudo ls -al /etc/sudoers.d/
drwxr-xr-x   2 root root  4096 окт 10 17:47 .
drwxr-xr-x 157 root root 12288 окт 10 17:44 ..
-r--r-----   1 root root   268 окт 10 17:44 50-jenkins
-r--r-----   1 root root   958 мар 30  2016 README
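
The conditions named in the two answers above (a trailing newline after the last directive, no '.' or trailing '~' in the filename, mode 0440) combined into one pre-flight check. This is an added example, not code from either poster; the function name check_dropin is hypothetical, and stat -c assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example: pre-flight checks for a file destined for /etc/sudoers.d.
# check_dropin is a hypothetical helper name, not part of sudo.
# Usage: check_dropin /path/to/candidate && echo "ok to install"

check_dropin() {
    f=$1
    rc=0
    name=$(basename -- "$f")

    # Per /etc/sudoers.d/README, sudo only reads files whose names
    # do not end in '~' and do not contain a '.' character.
    case $name in
        *.*|*~)
            echo "$name: name contains '.' or ends in '~'; sudo will not read it" >&2
            rc=1 ;;
    esac

    if [ ! -f "$f" ]; then
        echo "$name: not a regular file" >&2
        return 1
    fi

    # The last directive must be terminated by a newline.
    # $(...) strips one trailing newline, so any output left over
    # means the final byte of the file is something else.
    if [ -s "$f" ] && [ -n "$(tail -c 1 -- "$f")" ]; then
        echo "$name: last line is not terminated by a newline" >&2
        rc=1
    fi

    # Files should be mode 0440 (assumes stat supports -c).
    mode=$(stat -c '%a' -- "$f")
    if [ "$mode" != 440 ]; then
        echo "$name: mode is $mode, expected 440" >&2
        rc=1
    fi

    return $rc
}
```

A passing result covers only these three conditions; `visudo -cf <file>` still does the grammar check before the file is moved into place.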