Never edit the sudoers file directly. Always use visudo and work on a file in /etc/sudoers.d/ or you will suffer great pain as you mangle the file and suddenly have to reload the OS because of a typo causing invalid syntax. Using visudo checks before installing your changes, and working on a separate file means you can remove the offending file in the worst case to recover. Multiple files are also much easier for cfgmgmt to work with.
Also, disabling caching is a pretty sure way to guarantee users add in entries like:
Defaults:%group !authenticate
which completely bypasses reauthentication.
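A pre-install check for a sudoers drop-in along the lines described above, as an added example that is not part of the original comment. The function names, the `%ops` group and the sample rules are assumptions made up for illustration; `visudo -c -f` is used for the syntax check when visudo is present.

```shell
#!/bin/sh
# Added example: vet a candidate sudoers drop-in before it reaches /etc/sudoers.d/.

# has_auth_bypass FILE: succeeds, printing the matching lines, if FILE has a
# Defaults entry that switches authentication off ("Defaults:%group !authenticate").
has_auth_bypass() {
    grep -nE '^[[:space:]]*Defaults.*!authenticate' "$1"
}

# check_dropin FILE: 0 = fine, 1 = disables authentication, 2 = invalid syntax.
check_dropin() {
    if command -v visudo >/dev/null 2>&1; then
        # Check-only mode against the candidate file; nothing is installed.
        visudo -c -f "$1" >/dev/null 2>&1 || return 2
    fi
    if has_auth_bypass "$1" >&2; then
        return 1
    fi
    return 0
}

# install_dropin FILE NAME [DIR]: copy FILE to DIR/NAME (mode 0440) only if it
# passes check_dropin. sudo skips names containing '.' or ending in '~'.
install_dropin() {
    src=$1 name=$2 dir=${3:-/etc/sudoers.d}
    check_dropin "$src" || return $?
    install -m 0440 "$src" "$dir/$name"
}

# demo: run the check over two constructed drop-ins and print "name: status".
demo() {
    tmp=$(mktemp -d)
    printf '%%ops ALL=(ALL) ALL\n' > "$tmp/good"           # constructed sample
    printf 'Defaults:%%ops !authenticate\n' > "$tmp/bad"   # constructed sample
    for f in good bad; do
        rc=0
        check_dropin "$tmp/$f" 2>/dev/null || rc=$?
        echo "$f: $rc"
    done
    rm -rf "$tmp"
}
```

Calling `demo` prints the status for each sample file; the same `check_dropin` can run in a configuration-management step or a periodic audit over the files already in /etc/sudoers.d/.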