Can a line in a file in the /etc/sudoers.d directory have multiple users?

Question

I've got the following file setting permissions on my machine:

/etc/sudoers.d/myuser

This has the following contents:

myuser ALL=(myuser) NOPASSWD: ALL

I'd like to add a second user to this list, something like:

myuser ALL=(myuser, myuser2) NOPASSWD: ALL

My question is: Can a line in a file in the /etc/sudoers.d directory have multiple users?

score 4 · Accepted Answer · answered Nov 04 '17 at 09:28

Yes, according to man sudoers this is allowed.

However, the way you have it it might not work the way you intend to. The part in the parentheses is the user(s), which are allowed to be impersonated via sudo.

Your existing line allows the user myuser to run commands as myuser without using a password, which doesn't make much sense (he can run commands as himself without sudo anyway).

Your modified line allows the user myuser to run commands as himself, or as the user myuser2. If this is what you want, fine.

If you want both myuser and myuser2 to run commands as myuser, you have to add myuser2 at the beginning:

myuser, myuser2 ALL=(myuser) NOPASSWD: ALL

If you want to allow these two users to run administrative commands it should be:

myuser, myuser2 ALL=(ALL) NOPASSWD: ALL

score 1 · Answer 2 · answered Nov 04 '17 at 09:32

1

Of course it can

Effectively the include files from /etc/sudoers.d/ get merged into the main /etc/sudoers configuration file so any directive and combination of directives valid in the main file can be used in the include files

answered Nov 04 '17 at 09:32

HBruijn

77,029
24
135
201

Can a line in a file in the /etc/sudoers.d directory have multiple users?

2 Answers2