Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The penultimate authority there is the manual page for sudoers. It is second only to the source code.
Code:
man sudoers
It states:
Code:
Including other files from within sudoers
It is possible to include other sudoers files from within the sudoers
file currently being parsed using the #include and #includedir direc‐
tives.
This can be used, for ...
So what you see is the correct syntax for including other configuration files into sudoers. However, it does not explain why such a syntax is used or the etymology of such a syntax which might be your real question.
However, it does mean that you can put additional files in /etc/sudoers.d/ and, as long as they conform to sudoers syntax, they will be used. If they do not conform to the syntax, they will break sudo for you. The advantage of such files is that you can add and remove configurations in an automated manner, if so needed, without needing to parse or search the main configuration file.
It's commented out because, if it was active and there were actually no suitable files in sudoers.d, sudo would stop working! I remember a post here from someone who uncommented this line as an experiment; he couldn't use sudo afterwards and, as he was using a distro of the Ubuntu family, he couldn't easily correct his mistake either. To either correct sudoers or create files in sudoers.d, he needed sudo access...
"You can" in this context means you can in theory, not that you can with the default sudoers configuration.
I remember a post here from someone who uncommented [sic] this line as an experiment; he couldn't use sudo afterwards...
That would be incorrect syntax to remove the pound sign from that directive. Getting locked out will happen with any other syntax error sudoers as well. In this particular case, the #include is the actual syntax, same for #includedir there.
sudoers already uses a lot of special characters, it could be that '#' was unusued and needed as prefix to separate it from other configuration, so that sudo isn't trying to assign things for the user include.
The penultimate authority there is the manual page for sudoers. It is second only to the source code.
Code:
man sudoers
It states:
Code:
Including other files from within sudoers
It is possible to include other sudoers files from within the sudoers
file currently being parsed using the #include and #includedir direc‐
tives.
This can be used, for ...
So what you see is the correct syntax for including other configuration files into sudoers. However, it does not explain why such a syntax is used or the etymology of such a syntax which might be your real question.
However, it does mean that you can put additional files in /etc/sudoers.d/ and, as long as they conform to sudoers syntax, they will be used. If they do not conform to the syntax, they will break sudo for you. The advantage of such files is that you can add and remove configurations in an automated manner, if so needed, without needing to parse or search the main configuration file.
thank you for explaining. So in this case, it is the real syntax of sudoers file. Now I fully understand.
sudoers already uses a lot of special characters, it could be that '#' was unusued and needed as prefix to separate it from other configuration, so that sudo isn't trying to assign things for the user include.
Can you please say a little bit more detail? Still not get your point for the sentence: it could be that '#' was ....."
I am saying that they probably needed a special character which could not be confused with being a group, a username or a command and given the normal usage of # as a comment, it could not be used in any.
Err, it also says "# does not mean comment" in regards to the lines the OP is talking about, Which are #include and #includedir, which are in fact, not comments despite appearing like them.
Err, it also says "# does not mean comment" in regards to the lines the OP is talking about, Which are #include and #includedir, which are in fact, not comments despite appearing like them.
It should probably be mentioned that using 'visudo' is a good idea. It should catch any of your mistakes and keep you from writing a bad config. Don't edit sudoers by hand.
Does not your sudoer file have the included lines before that one line in question in your file?
that is an include command simular to a c file
Code:
#include <stdio.h>
Hi, yes, it's my fault. I did not read carefully the instruction.
But by any way, it also surprises me, when # is usually used with meaning: "comment line".
Hi, yes, it's my fault. I did not read carefully the instruction.
But by any way, it also surprises me, when # is usually used with meaning: "comment line".
yeah it threw me a little when I first seen that in sudoers file then read that line above it saying, ## (the '#' here does not indicate a comment), so I took its word for it and moved on.
I didn't put any reasoning or logic to it until this post showed up.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.