Syntax error in one line in sudoer file causes total failure

I have noticed that when I create a sudoer file in the sudoer.d directory and it has a syntax error, I cannot do sudo at all, in any account.

Why can't they change the mechanism so that it ignores the line with the syntax error and only displays an error message, instead of causing total failure and preventing anyone from doing sudo?

The fear is that the misconfiguration may have inadvertently given someone elevated privileges that they should not have. Suppose that happened, and some user, say joeblow, got root authority and screwed up the system. Then people might complain: Why can't they fix sudo to refrain from running at all when it knows the configuration files have serious errors?

Why do you think it says to use visudo to edit the sudoers file? Which you did not...
If you had used visudo as strongly recommended, that would never have happened... since it will not save anything that risks corrupting the sudoers file...

Then why not just ignore misconfigured lines (and still show a warning message about those lines every time someone successfully does sudo)?

In such a case the misconfigured lines won't inadvertently give someone elevated privileges that they should not have, because they (the misconfigured lines) will just be ignored.

The situation now is that one syntax error and no one can do sudo, which makes it very difficult to fix the syntax itself.

Exactly, and that would never have happened if you used visudo... so why insist?

That said, anybody with a little sense of responsibility would make a backup copy of any vital configuration file before editing it also... So you should never find yourself stuck...

Suppose it did that. There are still errors you can make that render sudo unusable, like "chmod 0 /usr/bin/sudo". As a sysadmin you need to be ready for that and be able to operate when sudo fails.

Here is one trick: When you are fiddling around as root on a system, keep an emergency window with a root prompt ready. Don't close this window until you are sure it is not needed. But don't use it until you must. This "extra root window" trick has saved me a lot of grief. :wink:


visudo can help you, but an extra copy won't be of much use, because you won't be able to override the existing sudoer file without being able to do sudo.

Ah... so you are not root... I use sudo for convenience but I still have the root password if things go wrong...
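
The check-before-save behaviour that the replies attribute to visudo can also be applied to a file being dropped into the sudoers.d directory. The following is an added example, not part of any post in this thread: it stages the new file, runs `visudo -cf` on it, and only renames it into place if the check passes. The function name and the `SUDOERS_DIR` and `SUDOERS_CHECK` variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: install a sudoers.d drop-in only after it passes a syntax check,
# so a typo never reaches the directory that sudo actually reads.
# Assumptions (not from the thread): SUDOERS_DIR and SUDOERS_CHECK are
# overridable so the function can be exercised without root.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"
SUDOERS_CHECK="${SUDOERS_CHECK:-visudo -cf}"   # -c: check only, -f: file to check

install_sudoers_dropin() {
    src=$1
    name=$2

    # sudo skips drop-in files whose names contain '.' or end in '~',
    # so such a name would silently have no effect.
    case $name in
        ''|*.*|*~|*/*) echo "refusing drop-in name: '$name'" >&2; return 2 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # Stage inside the target directory so the final mv is a rename on the
    # same filesystem. The leading '.' keeps sudo from reading the staged copy.
    tmp=$(mktemp "$SUDOERS_DIR/.stage-XXXXXX") || return 2
    cp "$src" "$tmp" && chmod 0440 "$tmp" || { rm -f "$tmp"; return 2; }

    if $SUDOERS_CHECK "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$SUDOERS_DIR/$name"
    else
        rm -f "$tmp"
        echo "syntax check failed; $SUDOERS_DIR/$name left unchanged" >&2
        return 1
    fi
}

# Usage (as root): install_sudoers_dropin ./10-alice.new 10-alice
```

A return code of 1 means the candidate was rejected and whatever was previously installed under that name is still in place.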