On Tue, 10 Aug 2021 at 16:58, <to...@tuxteam.de> wrote: > On Tue, Aug 10, 2021 at 02:19:18AM -0400, Bob Bernstein wrote:
> > My copy (buster amd64) of lines 23-24 of /etc/sudoers looks like > > this: > > 23 # Allow members of group sudo to execute any comm$ > > 24 % sudo ALL=(ALL:ALL) ALL > > > > Is that '%' a comment char? > No. It is a group indicator. It means that users who are members > of the group 'sudo' are allowed to runn ALL commands as any (ALL) > user and any (ALL) group, but they have to authenticate (NOPASSW > is missing). > What I'm not sure is whether the whitespace between the '%' and > the 'sudo' is relevant. My /etc/sudoers hasn't that. 'man 5 sudoers' format specification shows no space between the '%' and the group name. By that guidance, it looks wrong and I would remove it.
