Limit permissions of /etc/sudoers.d

[sprat]

For security purpose, the permissions of /etc/sudoers.d should probably be set to 0750. It would be a nice addition to the role. If you agree with that, I can probably make a pull request.

[tersmitten]

I'm not against it, but would it be better to leave it to the package maintainer to decide?

[tersmitten]

We don't create the directory

[tersmitten]

And the files inside are already safe (0440)

[sprat]

Yes, the files are safe but not the directory, and it was reported as a security warning by lynis, probably because a malicious user can obtain some information about the available users by listing the directory. That's why I reported this problem. It can probably be an option in the role, so that the end-user can decide if he wants to change the permissions or keep the permissions as is.

[tersmitten]

Renamed it to sudoers_sudoers_d_directory_mode.

Thanks for the addition!

[sprat]

Thanks!