Sunday, November 3, 2013

visudo: Are you really a joker?

What you see sometimes doesn't mean what you think!

I recently came across a funny bit of configuration in the /etc/sudoers file on centos64. The default /etc/sudoers ships with this (the last two lines of the config, shown below). Okay, gentlemen, please pay attention to this. If you create a directory such as /etc/sudoers.d/, you are basically asking sudo to read every small snippet within it, which are what they call drop-in files. Make sure the snippets exist and stay within this directory. Otherwise, visudo -c -f /etc/sudoers will complain and shout at you when you save.

What made me laugh was the syntax of the #includedir directive. That line tells you the feature is turned on. Don't be fooled into thinking it is commented out (as a sysadmin usually would, especially since most of the other settings in the file are commented out). It *doesn't* mean what you think. So watch out, it bites!

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
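
To audit which include directives are actually live in a sudoers file, the sketch below separates real comments from `#include`/`#includedir` lines. It is an added example, not part of the original post; the function names and the sample text are constructed for illustration, and the `@include` spelling, the `#uid` form and the drop-in file-name rule are taken from the sudoers manual rather than from this page.

```python
import re

# "#include"/"#includedir" are live directives, not comments.
# sudo 1.9.1 and later also accept the "@include"/"@includedir" spelling.
INCLUDE_RE = re.compile(r'^\s*[#@](includedir|include)\s+(\S.*?)\s*$')
# "#" followed directly by digits is a numeric uid in a user spec, not a comment.
UID_RE = re.compile(r'^\s*#\d+')

def classify(line):
    """Return (kind, argument) for a single sudoers line."""
    if not line.strip():
        return ("blank", None)
    m = INCLUDE_RE.match(line)
    if m:
        return (m.group(1), m.group(2))
    if UID_RE.match(line):
        return ("rule", line.strip())
    if line.lstrip().startswith("#"):
        return ("comment", None)
    return ("rule", line.strip())

def active_includes(text):
    """List (line_number, kind, path) for every live include directive."""
    return [(n, kind, arg)
            for n, line in enumerate(text.splitlines(), 1)
            for kind, arg in [classify(line)]
            if kind in ("include", "includedir")]

def dropin_is_read(filename):
    """sudo skips drop-in files whose names end in '~' or contain a '.'."""
    return not (filename.endswith("~") or "." in filename)

# Constructed sample, modelled on the two lines quoted in the post.
SAMPLE = """\
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
# includedir /etc/not-used
#1000 ALL=(ALL) ALL
root ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for lineno, kind, path in active_includes(SAMPLE):
        print(f"line {lineno}: {kind} {path} is ACTIVE")
    for name in ("10_admins", "admins.bak", "admins~"):
        print(name, "read" if dropin_is_read(name) else "skipped")
```

Any file that lands in an active `#includedir` directory with an accepted name becomes part of the sudo policy, so the directory deserves the same ownership and permission checks as /etc/sudoers itself.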
