On Tue, Aug 10, 2021 at 02:19:18AM -0400, Bob Bernstein wrote: > My copy (buster amd64) of lines 23-24 of /etc/sudoers looks like > this: > > 23 # Allow members of group sudo to execute any comm$ > 24 % sudo ALL=(ALL:ALL) ALL > > Is that '%' a comment char? No. It is a group indicator. It means that users who are members of the group 'sudo' are allowed to runn ALL commands as any (ALL) user and any (ALL) group, but they have to authenticate (NOPASSW is missing). What I'm not sure is whether the whitespace between the '%' and the 'sudo' is relevant. My /etc/sudoers hasn't that. > The line numbers shown were provided by > nano. I know, I know, please keep reading. > > Full disclosure: In a typical Bob fit of impulsivity I, yes, edited > this file using 'sudo nsno /etc/sudoers'. How much damage have I > done, what are the penalties for such behaviour, and will I get time > off for good behaviour? I don't talk nano. Spanish, German, French and some English, that's enough for my little brain ;-) Cheers - t
Attachment:
signature.asc
Description: Digital signature