How to check sudoers syntax

I have written many articles on sudoers in the past such as best practices and solved many errors related to the sudoers files. This time, one of my readers requested me to verify his sudoers file? Below is the users’ sudoers file. This article explains how to check sudoers syntax.

#
# This file MUST be edited with the ‘visudo’ command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin”

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on “#include” directives:

#includedir /etc/sudoers.d

Though I went line by line and verified all the lines, I couldn’t find the problem. Some of the errors might not be visible to the human eye such as deletion of a character and not closing the braces properly, etc., So the question is how do you get syntax checking for a sudoers file?

The best practice to edit the sudoers file directly is by using visudo as it has a flag that will perform a syntax check on the sudoers file. You can run the below command after the changes are made to check the syntax is correct.

Don't leave the ROOT session

Until you confirm your sudoers file is proper, do NOT leave your ROOT session. Log in to the same server separately and try Sudo commands to check.

# visudo -c
/etc/sudoers: parsed OK

Another awesome feature of visudo is you can tell it to check a specified file rather than only the /etc/sudoers file. This helps to check for the syntax of the file on any server before you roll it out to the production server.

# visudo -cf /tmp/sudoers
/tmp/sudoers: parsed OK
Updated on January 7, 2022

Was this article helpful?

Related Articles

Leave a Comment