> User "waltdnes" is a member of "wheel". If the "wheel" line is > uncommented in /etc/sudoers, sudo works for me. So you could create the file "/etc/sudoers.d/000" with the following content:     %wheel ALL=(ALL:ALL) ALL     %wheel ALL=(ALL:ALL) NOPASSWD: ALL and your user is able to synchronise your clock again. I do not know, what the developers were thinking to encourage the user to edit a default file, which gets potentially overwritten after each package update... "etc-update" helps to have an eye on, but muscle memory and fast fingers are sometimes faster. > I go with the more locked down approach This is the best way. Try to be as precise as possible, but be aware of wildcards![1] -Ramon [1] https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-4-wildcards/ On 26/10/2022 08:31, Walter Dnes wrote: > On Wed, Oct 26, 2022 at 05:04:35AM +0200, Ramon Fischer wrote >> Hello Walter, >> >> I do not think, that this is a bug, since it is the default file, which >> should not be edited by the user. > Firstly "grep -i uncomment /etc/sudoers" results in... > > ## Uncomment to enable special input methods. Care should be taken as > ## Uncomment to use a hard-coded PATH instead of the user's to find commands > ## Uncomment to send mail if the user does not enter the correct password. > ## Uncomment to enable logging of a command's output, except for > ## Uncomment to allow members of group wheel to execute any command > ## Uncomment to allow members of group sudo to execute any command > ## Uncomment to allow any user to run sudo if they know the password > > ...I.e. the file is explicitly telling you to edit it if required!!! > >> All changes should be done in "/etc/sudoers.d/" to avoid such cases. > My regular user has script "settime" in ${HOME}/bin > > #!/bin/bash > date > /usr/bin/sudo /usr/bin/rdate -nsv ca.pool.ntp.org > /usr/bin/sudo /sbin/hwclock --systohc > date > > /etc/sudoers.d/001 has, amongst other things, two lines... > > waltdnes x8940 = (root) NOPASSWD: /sbin/hwclock --systohc > waltdnes x8940 = (root) NOPASSWD: /usr/bin/rdate -nsv ca.pool.ntp.org > > User "waltdnes" is a member of "wheel". If the "wheel" line is > uncommented in /etc/sudoers, sudo works for me. If the "wheel" line is > commented, then sudo breaks for my regular user. > >> I kept mine unchanged from 2nd October and only have two uncommented lines: >> >>     [...] >>     root ALL=(ALL:AlL) ALL >>     [...] >>     @includedir /etc/sudoers.d >> >> I am using version "1.9.11_p3-r1". > Me too. > > There seem to be two different approaches here. The loose approach is > to allow a user to run "sudo ". A more locked > down approach allows regular users to run "sudo ". > This guards against "fat-finger-syndrome". I go with the more locked > down approach > -- GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF