sudoes file given more permission than needed
staticdev opened this issue · comments
staticdev commented
sudoes file needs 0400 and it is being edited with 0644. Let's apply the least privileged principle from Ansible for Devops
of @geerlingguy ;)
Jeff Geerling commented
It looks like it's actually 440 by default on a fresh install of Debian at least:
-r--r----- 1 root root 669 Feb 27 2021 sudoers
staticdev commented
@geerlingguy I updated the PR and switched to Debian's default then.