On Fri 17 Jan 2020 at 09:40:48 (+0800), kaye n wrote: > On Fri, Jan 17, 2020 at 6:48 AM <l0f...@tuta.io> wrote: > > > > > I would put it in /etc/sudoers, myself. > > > > > It's not recommended to modify /etc/sudoers because it can be > > overwritten/reset during a next upgrade. > > Best is to have a file inside /etc/sudoers.d. > > Be sure to have the following instruction in your /etc/sudoers: > > > > #includedir /etc/sudoers.d > > > > NB: this is not a comment but a real/active instruction ;) > > > I have to create a file in /etc/sudoers.d and not use the file > /etc/sudoers.d/10-installer? And what should I name the file?
Basically, anything. If you put all your rules in one file, you could call it, say, my-sudoers, but some people might use separate files for different applications, where it would make sense to use names like, say, printing-sudoers and email-sudoers etc. No dots though, and not ending in ~ (so that backups are ignored). man sudoers is worth reading. > (I edited the 10-installer file with the line kaye ALL=(ALL) NOPASSWD: > /usr/local/bin/backlight-brightness but it doesn't have any effect; in fact > I think sudo was rendered useless to me, as in I cannot execute sudo, it > said something like an error in line something) > > #includedir /etc/sudoers.d is not a comment? that's weird but thanks for > the tip! See the section "Other special characters and reserved words" about these exceptions, #include and #includedir. sudo is not alone in this respect. For example, man apparmor.d documents the same behaviour in apparmor files, as you can see by glancing through some of its files with $ less /etc/apparmor.d/u* (which has the advantage that these files can be viewed by anyone). Cheers, David.
