ilri / rmg-ansible-public

Ansible playbooks for ILRI research-computing infrastructure
GNU General Public License v3.0

sudoers.d files should be mode 0440 instead of 0600? #11

Closed alanorth closed 9 years ago

alanorth commented 9 years ago

While sudoing on an older Debian Squeeze box sudo printed the following message:

$ sudo su -
sudo: /etc/sudoers.d/extra_sudoers is mode 0600, should be 0440
sudo: /etc/sudoers.d/provisioning is mode 0600, should be 0440

And indeed the /etc/sudoers.d/README file says all files in this directory should be mode 0440, yet our playbooks explicitly set it to 0600.

We need to check to see if this applies on CentOS 6 / 7, Debian 7 / 8, and Ubuntu 12.04 / 14.04 as well and use better defaults.

oguya commented 9 years ago

We can always use mode 0440 as recommended on Debian-based distros and 0600 on CentOS, I guess. You can also override the file mode by specifying sudoers_mode[1] in sudo.conf[2].

  1. http://www.sudo.ws/man/sudoers.man.html
  2. http://www.sudo.ws/man/sudo.conf.man.html

oguya commented 9 years ago

Using mode 0440 on Debian-based distros & 0600 on RHEL-based distros shouldn't have major repercussions. Otherwise, I'll merge sudoersd branch into master & close this issue.
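
One way to run the per-distro check the issue asks for, as an added example that is not part of the thread or the repository's playbooks: a POSIX shell function that lists sudoers.d drop-in files whose mode differs from the expected one. The function name `audit_sudoers_modes` is hypothetical, and the code assumes a `stat` that accepts `-c` (GNU coreutils or BusyBox) and relies on sudo's documented rule of skipping drop-in names that end in `~` or contain a `.`.

```shell
# Added example. audit_sudoers_modes is a hypothetical helper name.
#
# Usage: audit_sudoers_modes [DIR] [EXPECTED_MODE]
#   DIR            directory to inspect (default: /etc/sudoers.d)
#   EXPECTED_MODE  octal mode every drop-in should have (default: 0440,
#                  the value named in the sudo message quoted in the issue)
#
# Prints "path mode" for each file whose mode differs.
# Exit status: 0 = all files match, 1 = at least one mismatch, 2 = error.
#
# The body is a subshell "( ... )" so its variables do not leak to the caller.
audit_sudoers_modes() (
    dir=${1:-/etc/sudoers.d}
    # Normalise the expected mode so "440", "0440" and "00440" compare equal.
    expected=$(printf '%o' "0${2:-0440}" 2>/dev/null) || {
        echo "invalid octal mode: ${2}" >&2
        exit 2
    }
    status=0

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 2; }

    for f in "$dir"/*; do
        # Skip an unmatched glob, subdirectories and other non-regular files.
        [ -f "$f" ] || continue

        # sudo ignores drop-ins whose name ends in '~' or contains a '.',
        # so their mode never triggers the warning.
        case ${f##*/} in
            *'~'|*.*) continue ;;
        esac

        # -L follows symlinks, so the mode reported is that of the target file.
        mode=$(stat -L -c '%a' "$f") || exit 2

        if [ "$mode" != "$expected" ]; then
            printf '%s %04o\n' "$f" "0$mode"
            status=1
        fi
    done

    exit "$status"
)
```

Running it with the mode a host's sudo expects (for example `audit_sudoers_modes /etc/sudoers.d 0440`) gives a non-zero exit status that a provisioning check or CI job can act on.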