Month: March 2021

  • Sudoer file not working on Synology due to dots in its name

    I spent one hour to investigate why I couldn’t execute a command with sudo, from a php script, although the user was authorized for that command within a sudoer file… The problem was a dot in the name of the sudoer file.

    Click to Read More

    My php script is part of a package I have created to run on my Synology (DSM 7.x).. It is running under an account named like my package: MODS_Package7.x

    That php script executes the following code:

    $COMMAND = “sudo /usr/syno/bin/synopkg start ‘$PACKAGE’ 2>&1”;
    exec($COMMAND, $output, $result);

    My sudoer file was named /etc/sudoers.d/MODS_Package7.x and contained:

    MODS_Package7.x ALL=(ALL) NOPASSWD: /usr/syno/bin/synopkg

    It didn’t work until I removed the “.”, renaming the sudoer file into /etc/sudoers.d/MODS_Package7_x


    How stupid,  but it’s indeed mentioned in the documentation:

    sudo will read each file in /etc/sudoers.d, skipping file names that end in ‘~’ or contain a ‘.’ character to avoid causing problems with package manager or editor temporary/backup files.

    The /etc/sudoers.d/README file does not exist on Synology, but can be found on other Linux

    # As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
    # installation of the package now includes the directive:
    #   #includedir /etc/sudoers.d
    # This will cause sudo to read and parse any files in the /etc/sudoers.d 
    # directory that do not end in '~' or contain a '.' character.
    # Note that there must be at least one file in the sudoers.d directory (this
    # one will do), and all files in this directory should be mode 0440.
    # Note also, that because sudoers contents can vary widely, no attempt is 
    # made to add this directive to existing sudoers files on upgrade.  Feel free
    # to add the above directive to the end of your /etc/sudoers file to enable 
    # this functionality for existing installations if you wish!
    # Finally, please note that using the visudo command is the recommended way
    # to update sudoers content, since it protects against many failure modes.
    # See the man page for visudo for more information.