In a nutshell: Add permissions with configuration files in /etc/sudoers.d

I have been trying to set default permissions for my own user in my machine ((K)Ubuntu 11.10), in order to setup automation scripts for i.e. mounting filesystems at logon, changing permissions, etc. After looking around, I found very useful posts like this one and this other, and I decided to put my conclusions on the following short list:

  • You need to use sudo visudo to edit the base sudoers file.
  • If you run sudo visudo you may notice there is a line that reads #includedir /etc/sudoers.d. Never mind the # character, this line is enabled, not commented out as one may unsuspectingly assume. Just don’t touch it.
  • To create a new set of permissions, follow these steps:
  1. Create a configuration file, elsewhere not in the /etc/sudoers.d directory. Don’t name it with ‘~‘ characters or periods (‘.‘). Example:
$ nano mount_conf
  1. Fill it up with the settings you will use. This thread does a nice introduction at making these settings up. Example:
# Enable me to mount/umount simply
Host_Alias HOST = your_machine_name. You can get it by running cat /etc/hostname

Cmnd_Alias MOUNT    = /bin/mount,/bin/umount
Cmnd_Alias FILEPERM = /bin/chown

  1. Save it, and now prepare it for moving it into the /etc/sudoers.d directory:
$sudo chown root:root mount_conf
$sudo chmod 0440 mount_conf
$sudo mv mount_conf /etc/sudoers.d/
  1. Check everything went fine, by running sudo -l. Example output:
$sudo -l
Matching Defaults entries for luis on this host:

User luis may run the following commands on this host:
 (root) NOPASSWD: /bin/mount, /bin/umount, (root) /bin/chown

Hopefully you’ll be able to mount and umount filesystems, and also change ownership of files, if you follow the example. You will still need to prepend sudo to the invocation of the command, but then it won’t ask for your password.