Permission to execute sudo commands without password rules being overwritten by another file

Hi, I just installed Endeavour and so far I am loving it.

As I was trying to configure the system I noticed that the sudoers config file was not behaving properly. After enabling all users of the wheel group to be able to run commands with sudo privileges without requiring password, it still didn’t work. Apparently the rule for the wheel group is being overwritten by a file in sudoers.d named 10-installer. The file contains only one line %wheel ALL=(ALL) ALL. I’d like to know what exactly is this file doing and if it is okay to edit it or remove it since it seems to not be doing anything special. Thanks!

Well, it’s granting sudo privileges to all members of the wheel group, which is at least a little special.

The /etc/sudoers.d/10-installer file is a drop-in file used for configuration. Notice the last line of /etc/sudoers:

## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

Drop-in files allow modifications to the default configuration of a file without physically editing the file itself. This has the advantage of the system being able to update the original file (to add new features, new syntax, etc) without creating a .pacnew file (.pacnew files must be handled - carefully - by the user).

Drop-in files for sudoers can also make management of multiple users easier if there are a number of users on the system.

https://wiki.archlinux.org/title/systemd#Drop-in_files

The 10-installer file gives sudo privileges to all members in the wheel group. If you want to enable passwordless sudo privileges for the wheel group, change that line to:

%wheel ALL=(ALL:ALL) NOPASSWD: ALL

If you have already edited your /etc/sudoers file, either return it to its original unedited state and use the 10-installer file for configuration, or delete the /etc/sudoers.d/10-installer file and use the direct edits to the /etc/sudoers instead.

7 Likes

Well, it’s granting sudo privileges to all members of the wheel group, which is at least a little special.

Aha yes, apologies, I meant to say that it wasn’t doing anything special considering I had already configured the rule in sudoers.

Thank you so much for the help and for the additional info! :smiley:

2 Likes

Hello @vugonz and welcome aboard :enos: forums.

Please mark @Stagger_Lee’s post as a SOLUTION, so it can help members with the same issue in the future :wink:

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.