sudoes file given more permission than needed

Question

staticdev opened this issue 2 years ago · comments

sudoes file needs 0400 and it is being edited with 0644. Let's apply the least privileged principle from Ansible for Devops of @geerlingguy ;)

Jeff Geerling · Answer 1 · Fri Aug 05 2022 00:32:10 GMT+0800 (China Standard Time)

It looks like it's actually 440 by default on a fresh install of Debian at least:

-r--r-----   1 root root    669 Feb 27  2021 sudoers

staticdev · Answer 2 · Tue Aug 09 2022 18:27:14 GMT+0800 (China Standard Time)

@geerlingguy I updated the PR and switched to Debian's default then.