Azure Ubuntu VM-Waagent配置

Question

I have on my Ubuntu 16.04 VM in /etc/sudoers.d/waagent the configuration that is unwanted. Even if I log as root, root has only read permission.

How should I safely edit configuration for Azure waagent ?

I wanna change someuser ALL=(ALL) NOPASSWD:ALL to someuser ALL=(ALL) ALL

Can I simply add write permission for root and edit the file or need I do it in different way via Azure commands?

I would like to prevent the case when sudo configuration is damaged due fact I have no physical access to VM and cannot fix it.

Answer 1

For your issue, I think there is no more safe way to edit the /etc/sudoers.d/waagent(in my side, the file name is /etc/sudoers.d/90-cloud-init-users). The file just can be edited with the root permission. If you use the root to edit then everything works in the same way.

So I suggest you can just use the root user, add the write permission and edit the file as you want. But do not forget to change the permission back, in other words, remove the write permission when everything is OK.

Answer 2

Short answer:

Use visudo -f /etc/sudoers.d/waagent

Long answer:

When editing sudoers files, always use visudo . It is a vi editor, but includes built-in checks to prevent you from corrupting the file and will allow you to save the file even though there's no write permissions on the file (assuming you run it as root). Changing the permissions on the file to allow write access and using a normal text editor is a bad idea. Too easy to forget to change it back and one misplaced symbol or misspelled word can corrupt the file. That's why there is no write permission by default - to act as a check to prevent unwanted modifications that could potentially render your system unusable.