Skip to content

UX: /etc/sudeoers.d/myrules.conf doesn't work - allow dots or help users along the way #486

New issue
New issue
Open
Open
UX: /etc/sudeoers.d/myrules.conf doesn't work - allow dots or help users along the way#486
@dreua

Description

@dreua
dreua
opened on Dec 13, 2025

In my experience the drop in directories like /etc/ssh/ssh_config.d/ for example need a .conf file extension to actually take effect. For sudo the contrary seems to be the case: The file is silently ignored if it contains a dot which of course is true for my file ending in .conf.

In an ideal world there would be a standard for stuff like that so that users like me wouldn't need to remember or figure it out as they are using a myriad of different tools. On the other hand I realize that changing that behavior now for sudo might be problematic for all the systems already depending on that behavior, as much as I'd like to see it unified. (But maybe allowing just .conf wouldn't be too bad? The Documentation just mentions that dotted files are skipped to avoid issues with package managers but I don't think any of them would be writing .conf files there...)

What else could be done to improve the UX?

  • Put a readme.txt or a example file in sudoers.d which educates about this circumstance, this is the first place I have looked but the directory was empty for me. (Fedora 43 after many upgrades.)
  • I've briefly looked into man sudoers but didn't really think about where to look specifically. Only later I found that the information is actually there hidden somewhere in the middle of of over 2000 lines. (A search engine and stackoverflow came to the rescue.)
  • I've tried sudo -v and looked into man sudo for a verbose mode (which is helpful in debugging ssh client issues) and also tried sudo -l but neither helped me figure out why my new .conf file was doing nothing.
  • At least when running interactively (like asking for a password) I don't see any harm in announcing that a dotted file in sudoers.d was skipped because of the dot.

Finally a big thank you to all the people creating and maintaining sudo! ❤️
(Apart from this minor annoyance in the config it never let me down 😉 )

In retrospect the title for this issue feels a bit clunky, feel free to edit or suggest improvements if you got better ideas.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions