[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: percent char '%' in sudoers file



On Tue, Aug 10, 2021 at 02:19:18AM -0400, Bob Bernstein wrote:
> My copy (buster amd64) of lines 23-24 of /etc/sudoers looks like
> this:
> 
> 23 # Allow members of group sudo to execute any comm$
> 24 % sudo  ALL=(ALL:ALL) ALL
> 
> Is that '%' a comment char?

No. It is a group indicator. It means that users who are members
of the group 'sudo' are allowed to runn ALL commands as any (ALL)
user and any (ALL) group, but they have to authenticate (NOPASSW
is missing).

What I'm not sure is whether the whitespace between the '%' and
the 'sudo' is relevant. My /etc/sudoers hasn't that.

> The line numbers shown were provided by
> nano. I know, I know, please keep reading.
> 
> Full disclosure: In a typical Bob fit of impulsivity I, yes, edited
> this file using 'sudo nsno /etc/sudoers'. How much damage have I
> done, what are the penalties for such behaviour, and will I get time
> off for good behaviour?

I don't talk nano. Spanish, German, French and some English, that's
enough for my little brain ;-)

Cheers
 - t

Attachment: signature.asc
Description: Digital signature


Reply to: