16

I wish to add a file to the /etc/sudoers.d folder that includes a directive to allow www-data to run one specific script with no root password.

The directive is

www-data ALL=(ALL) NOPASSWD: /path/to/script.sh

If I visudo and add it to /etc/sudoers, there is no problem.

If I put that line in a file and copy it to /etc/sudoers.d, then visudo, it tells me that the file has a 'syntax error near line 1'.

Is there something else I need to put in the file, or something else I need to do to make it work?

I am running Ubuntu 18.

Thanks!

ZzZombo
  • 103
  • 3
Ben Holness
  • 914
  • 2
  • 10
  • 28

1 Answers1

21

I found out the problem - for files in /etc/sudoers.d, the file must not end at the directive, but on a new line. This is most easily shown with cat -A.

Invalid file:

root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.shroot@server:/etc/sudoers.d#

Valid file:

root@server:/etc/sudoers.d# cat -A /etc/sudoers.d/testfile
www-data ALL=(ALL) NOPASSWD: /path/to/script.sh$
root@server:/etc/sudoers.d#
Ben Holness
  • 914
  • 2
  • 10
  • 28
  • 2
    i.e., [the file must be a **valid text file**](https://unix.stackexchange.com/q/446237/70524). If your file doesn't end in a newline, it's not a valid text file. – muru Nov 27 '19 at 06:52
  • 1
    I had no idea that no newline meant it was an invalid text file - I just pasted the line into a file and saved it! – Ben Holness Nov 28 '19 at 17:19
  • Did you use nano or Vim? – muru Nov 29 '19 at 03:34
  • Neither, the file exists within my project and I used the IDE editor (PHPStorm) to create the file, which was then deployed to the staging server and copied to `/etc/sudoers.d` for testing – Ben Holness Nov 29 '19 at 20:42
  • 2
    Blame the lame editor then. Any decent Unix editor will add that final newline if it's missing. – muru Nov 29 '19 at 21:19
  • It's not a Unix editor, but I will still send feedback! – Ben Holness Nov 30 '19 at 13:44