🔍 See Original Answer on Ask Ubuntu 🔗
What should /etc/sudoers contain normally?
December 11, 2019
Edited: December 11, 2019
January 3, 2023
Copy to clipboard: false
Here’s what I change on new installations:
$ sudo cat /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset, timestamp_timeout=120, pwfeedback #Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" Defaults:rick !secure_path (... SNIP rest of file unchanged ...)
I put my changes at the top of the file. They are displayed in bold above:
timeoutmakes sudo privalege last for 2 hours so I don’t have retype password every 5 minutes or whatever the default is.
*on screen with each key press during password input.
mail_badpassstops an email being sent to my account each time I enter the sudo password incorrectly.
!secure_pathis explained here: Can I make
sudofollow my path via CLI?