debcrafters-packages team mailing list archive

Thread
Date

[Bug 2121837] [NEW] ignoring files that end in .conf in /etc/sudoers.d

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Brian <2121837@xxxxxxxxxxxxxxxxxx>
Date: Mon, 01 Sep 2025 21:19:30 -0000
Reply-to: Bug 2121837 <2121837@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

On Ubuntu 25.04 (sudo version 1.9.16p2-1ubuntu1.1), files in
/etc/sudoers.d/ with a .conf extension are not honored by sudo, even
though the documentation states that only files ending in .conf (or with
no dot at all) should be read. My /etc/sudoers contains @includedir
/etc/sudoers.d, and visudo -cf /etc/sudoers.d/filename.conf parses OK,
but only files with no dot in the name are actually used. Permissions
and ownership are correct (root:root 0440). Changing the filename to
remove .conf makes it work immediately.

To be clear, I did not change any contents, permissions, or ownership of
the file to make it start working correctly.  I simply renamed it from
brian_cset.conf, to brian_cset (without the .conf).  Prior to doing
that, "visudo -cf /etc/sudoers.d/brian_cset.conf" responded with "parsed
OK" but "visudo -c" did not list the file.  After renaming the file,
"visudo -c" lists the file, and it lists as "parsed OK" after, to be
clear, doing nothing other than removing the .conf at the end, which is
supposed to be allowed.

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: sudo

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2121837

Title:
  ignoring files that end in .conf in /etc/sudoers.d

Status in sudo package in Ubuntu:
  New

Bug description:
  On Ubuntu 25.04 (sudo version 1.9.16p2-1ubuntu1.1), files in
  /etc/sudoers.d/ with a .conf extension are not honored by sudo, even
  though the documentation states that only files ending in .conf (or
  with no dot at all) should be read. My /etc/sudoers contains
  @includedir /etc/sudoers.d, and visudo -cf
  /etc/sudoers.d/filename.conf parses OK, but only files with no dot in
  the name are actually used. Permissions and ownership are correct
  (root:root 0440). Changing the filename to remove .conf makes it work
  immediately.

  To be clear, I did not change any contents, permissions, or ownership
  of the file to make it start working correctly.  I simply renamed it
  from brian_cset.conf, to brian_cset (without the .conf).  Prior to
  doing that, "visudo -cf /etc/sudoers.d/brian_cset.conf" responded with
  "parsed OK" but "visudo -c" did not list the file.  After renaming the
  file, "visudo -c" lists the file, and it lists as "parsed OK" after,
  to be clear, doing nothing other than removing the .conf at the end,
  which is supposed to be allowed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2121837/+subscriptions

Follow ups

[Bug 2121837] Re: ignoring files that end in .conf in /etc/sudoers.d
From: Simon Chopin, 2025-09-03