Visudo_wheelgroup or drop-in file

Adding a commented line to a file should not have any effect, no matter what the file is or what the comment says. It should just be only a comment.

If you change a line which is actually doing something to be a comment instead (by adding a “#” in front of the line, or whatever the commenting syntax is for the file you are working in), that will have an effect because you are effectively removing that line from the file. But in your example here, you have left the line which is having an effect alone, and added a comment to a separate file so no change was made.

You can override the line in the main file if you wish by providing a different setting in the drop-in file. For example, if you want Wheel to be able to sudo as root but a password is required, you can add the line in your drop-in like this:

%wheel ALL=(ALL:ALL) ALL

This will override the NOPASSWD version in the main sudoers file, because the options are read and applied in order and the drop-ins come after the main file.

But in this case I would say it would be more logical to edit the main file with sudo visudo and properly remove the unwanted amendment, instead of having a modification for a modification which provides what is essentially the default behavior.

It sounds like you may have set this up correctly, but just to double-check: this directory should be /etc/systemd/logind.conf.d/.

Unlike the sudoers drop-in, the drop-in here should be named with .conf. powerbutton_suspend.conf should be fine. It shouldn’t be a hidden file (with the “.” in front), I’m not sure if that will break it but it certainly is not needed.

[unit] is not right, it should say [Login]. See the reference written in the comments of /etc/systemd/logind.conf:

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/logind.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/logind.conf' to display the full config.
#
# See logind.conf(5) for details.

[Login]
#NAutoVTs=6
#ReserveVT=6
#KillUserProcesses=no
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
#UserStopDelaySec=10
#HandlePowerKey=poweroff
#HandlePowerKeyLongPress=ignore
#HandleRebootKey=reboot
#HandleRebootKeyLongPress=poweroff
#HandleSuspendKey=suspend
#HandleSuspendKeyLongPress=hibernate
#HandleHibernateKey=hibernate
#HandleHibernateKeyLongPress=ignore
#HandleLidSwitch=suspend
#HandleLidSwitchExternalPower=suspend
#HandleLidSwitchDocked=ignore
#PowerKeyIgnoreInhibited=no
#SuspendKeyIgnoreInhibited=no
#HibernateKeyIgnoreInhibited=no
#LidSwitchIgnoreInhibited=yes
#RebootKeyIgnoreInhibited=no
#HoldoffTimeoutSec=30s
#IdleAction=ignore
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RuntimeDirectoryInodesMax=
#RemoveIPC=yes
#InhibitorsMax=8192
#SessionsMax=8192
#StopIdleSessionSec=infinity

You can read more about the options in this file with man logind.conf.

So your drop-in file should be like this:

[Login]
HandlePowerKey=suspend

You will have to log out and back in or reboot after getting this set up.

If you are using a display manager to log in, typically logind.conf will “just work”. If you log in from a TTY or have a home-rolled solution for that you may need to manually send an idle hint to get it working.
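The sudoers precedence described in the reply above (rules applied in order, drop-ins read after the main file, a comment-only drop-in changing nothing), as an added example that is not part of the original post and is not sudo's own code. It builds a constructed sudoers tree in a temporary directory; `sudoers_lines`, `wheel_policy` and `demo` are hypothetical helpers, and the matcher is simplified to lines that start with `%wheel` (no aliases, no per-command tags). It also applies sudo's rule that files in an included directory are read in sorted order and skipped when the name contains a `.` or ends in `~`.

```python
import re
import tempfile
from pathlib import Path

INCLUDEDIR = re.compile(r"^[#@]includedir\s+(\S+)")

def sudoers_lines(path):
    """Yield active (non-comment) lines in the order sudo reads them."""
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        m = INCLUDEDIR.match(line)
        if m:
            # Drop-ins are read at the point of the directive, in sorted
            # order; names containing '.' or ending in '~' are skipped.
            for f in sorted(Path(m.group(1)).iterdir()):
                if f.is_file() and "." not in f.name and not f.name.endswith("~"):
                    yield from sudoers_lines(f)
        elif line and not line.startswith("#"):
            yield line

def wheel_policy(main_file):
    """Return 'nopasswd', 'password' or 'no rule' for %wheel (last match wins)."""
    policy = "no rule"
    for line in sudoers_lines(main_file):
        if re.match(r"^%wheel\s", line):
            policy = "nopasswd" if "NOPASSWD:" in line else "password"
    return policy

def demo(dropin_text, name="comment_wheel"):
    """Evaluate a constructed main file plus one drop-in (sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        dropins = Path(tmp, "sudoers.d")
        dropins.mkdir()
        (dropins / name).write_text(dropin_text)
        main = Path(tmp, "sudoers")
        main.write_text(
            "root ALL=(ALL:ALL) ALL\n"
            "%wheel ALL=(ALL:ALL) NOPASSWD: ALL\n"
            f"@includedir {dropins}\n"
        )
        return wheel_policy(main)

if __name__ == "__main__":
    # Comment-only drop-in: the NOPASSWD rule in the main file still applies.
    print(demo("# %wheel ALL=(ALL:ALL) ALL NOPASSWORD: ALL\n"))
    # Later matching rule without NOPASSWD: a password is required again.
    print(demo("%wheel ALL=(ALL:ALL) ALL\n"))
    # Same rule in a file named with a dot: skipped, so nothing changes.
    print(demo("%wheel ALL=(ALL:ALL) ALL\n", name="wheel.conf"))
```

On a real system, `visudo -c` checks the syntax of the main file and its drop-ins, and `sudo -l -U <user>` lists the rules that apply to a given user.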


Cheers @BluishHumility,

lol yep just changed [Unit] to [Login] and it did the trick after a reboot. It didn’t actually remove or alter anything tho in the main file that I can see. But it works lol, Thank you!

Even with your explanation (big thanks for that) about sudoers I still don’t get it. Let me try to explain the way I understand it and maybe you’ll be able to see what’s wrong with the way I’m looking at it.

If I want to edit the sudoers file without using visudo I can by adding a drop-in file to the sudoers.d directory. Of course when I first create that drop-in file the file will be empty (not trying to be rude honestly, just trying to be clear), I’m sure it can’t be the case that I just create a file with nothing else except #. So what I did was create the drop-in file, putting it into the sudoers.d directory, and added the line I wanted to comment out with the #.

Right now my files are like so:

[root@AnNasrun sudoers.d]# ls
comment_wheel
[root@AnNasrun sudoers.d]# cat comment_wheel
# %wheel ALL=(ALL:ALL) ALL NOPASSWORD: ALL
[root@AnNasrun etc]# cat sudoers
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias	WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias	ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# 			    /usr/bin/pkill, /usr/bin/top
#
# Cmnd_Alias	REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
#
# Cmnd_Alias	DEBUGGERS = /usr/bin/gdb, /usr/bin/lldb, /usr/bin/strace, \
# 			    /usr/bin/truss, /usr/bin/bpftrace, \
# 			    /usr/bin/dtrace, /usr/bin/dtruss
#
# Cmnd_Alias	PKGMAN = /usr/bin/apt, /usr/bin/dpkg, /usr/bin/rpm, \
# 			 /usr/bin/yum, /usr/bin/dnf,  /usr/bin/zypper, \
# 			 /usr/bin/pacman

##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods.  Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to restore the historic behavior where a command is run in
## the user's own terminal.
# Defaults !use_pty
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
## Sudo will create up to 2,176,782,336 I/O logs before recycling them.
## Set maxseq to a smaller number if you don't have unlimited disk space.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output
# Defaults maxseq = 1000
##
## Uncomment to disable intercept and log_subcmds for debuggers and
## tracers.  Otherwise, anything that uses ptrace(2) will be unable
## to run under sudo if intercept_type is set to "trace".
# Defaults!DEBUGGERS !intercept, !log_subcmds
##
## Uncomment to disable intercept and log_subcmds for package managers.
## Some package scripts run a huge number of commands, which is made
## slower by these options and also can clutter up the logs.
# Defaults!PKGMAN !intercept, !log_subcmds

##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL:ALL) ALL

## Same thing without a password
%wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo	ALL=(ALL:ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL:ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

I hope you can see where I’m going wrong.

I think you were saying that to override the wheel group with no-password I need to put an opposing line into the file. Is that the only way?

So if I want to comment the wheel out altogether then the only way to do that is with visudo?

If I had it set-up so that wheel group required password then I’m assuming I’d just put

%wheel ALL=(ALL:ALL) NOPASSWD: ALL

into the file

lol maybe I do get it now. Going to go and try it out.

hahahahah wicked man thank you so much!!!

I suppose I would only want to disable wheel group altogether in the event of some sort of breach.

Going to go and try and read the man pages. lol Honest I did before, but going to try again now I know what to look for. lol Disaster if I still don’t get it.

lol oh gosh, even just this makes sense now.

NAME

logind.conf, logind.conf.d - Login manager configuration files

SYNOPSIS

/etc/systemd/logind.conf

/etc/systemd/logind.conf.d/*.conf

It’s very different after having some understanding

I can’t find anywhere that would indicate to me that the section should be [Login]. lol Of course except the file itself

# Use 'systemd-analyze cat-config systemd/logind.conf' to display the full config.
#
# See logind.conf(5) for details.

[Login]
#NAutoVTs=6
#ReserveVT=6

(Don’t want to keep this post open, just adding this to remind myself as I have bookmarked this)

A drop-in file is an excerpt of the original config file. Therefore the syntax will be the same as the original config.
