So you could create the file "/etc/sudoers.d/000" with the following content:User "waltdnes" is a member of "wheel". If the "wheel" line is uncommented in /etc/sudoers, sudo works for me.
%wheel ALL=(ALL:ALL) ALL %wheel ALL=(ALL:ALL) NOPASSWD: ALL and your user is able to synchronise your clock again.I do not know, what the developers were thinking to encourage the user to edit a default file, which gets potentially overwritten after each package update...
"etc-update" helps to have an eye on, but muscle memory and fast fingers are sometimes faster.
This is the best way. Try to be as precise as possible, but be aware of wildcards![1]I go with the more locked down approach
-Ramon[1] https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-4-wildcards/
On 26/10/2022 08:31, Walter Dnes wrote:
On Wed, Oct 26, 2022 at 05:04:35AM +0200, Ramon Fischer wroteHello Walter, I do not think, that this is a bug, since it is the default file, which should not be edited by the user.Firstly "grep -i uncomment /etc/sudoers" results in... ## Uncomment to enable special input methods. Care should be taken as ## Uncomment to use a hard-coded PATH instead of the user's to find commands ## Uncomment to send mail if the user does not enter the correct password. ## Uncomment to enable logging of a command's output, except for ## Uncomment to allow members of group wheel to execute any command ## Uncomment to allow members of group sudo to execute any command ## Uncomment to allow any user to run sudo if they know the password ...I.e. the file is explicitly telling you to edit it if required!!!All changes should be done in "/etc/sudoers.d/" to avoid such cases.My regular user has script "settime" in ${HOME}/bin #!/bin/bash date /usr/bin/sudo /usr/bin/rdate -nsv ca.pool.ntp.org /usr/bin/sudo /sbin/hwclock --systohc date /etc/sudoers.d/001 has, amongst other things, two lines... waltdnes x8940 = (root) NOPASSWD: /sbin/hwclock --systohc waltdnes x8940 = (root) NOPASSWD: /usr/bin/rdate -nsv ca.pool.ntp.org User "waltdnes" is a member of "wheel". If the "wheel" line is uncommented in /etc/sudoers, sudo works for me. If the "wheel" line is commented, then sudo breaks for my regular user.I kept mine unchanged from 2nd October and only have two uncommented lines: [...] root ALL=(ALL:AlL) ALL [...] @includedir /etc/sudoers.d I am using version "1.9.11_p3-r1".Me too. There seem to be two different approaches here. The loose approach is to allow a user to run "sudo <whatever I damn well want>". A more locked down approach allows regular users to run "sudo <very specific command>". This guards against "fat-finger-syndrome". I go with the more locked down approach
-- GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF
OpenPGP_0x155BE26413E699BF.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
