A system administrator needs to grant the 'webdev' group permissions to restart the Apache service without editing the main /etc/sudoers file. Following best practices for modular configuration, which of the following approaches should the administrator take?
Append the line %webdev ALL=(ALL) /usr/bin/systemctl restart apache2 to the end of the /etc/sudoers file.
Create a file named /etc/sudoers.d/webdev.conf with the line %webdev ALL=(ALL) /usr/bin/systemctl restart apache2.
Create a file named /etc/sudoers.d/webdev_perms with the line %webdev ALL=(ALL) /usr/bin/systemctl restart apache2 and set its permissions to 0440.
Create a file named /etc/sudoers.d/webdev_perms with the line %webdev ALL=(ALL) /usr/bin/systemctl restart apache2 and set its permissions to 0664.
The correct answer is to create a new file within the /etc/sudoers.d directory. This file must have a name that does not contain a '.' or end in a '~', and it should have restrictive permissions, typically 0440, to prevent unauthorized modification or viewing. Creating a file named webdev_perms with the content %webdev ALL=(ALL) /usr/bin/systemctl restart apache2 and setting its permissions to 0440 is the secure and correct method.
Creating a file with a name like webdev.conf is incorrect because sudo ignores files in /etc/sudoers.d that contain a dot in their filename to avoid issues with package manager backup files.
Appending the rule directly to /etc/sudoers is not considered a best practice for modularity, as it can be overwritten by system updates and makes managing configurations for different applications or groups more difficult.
Creating a file with 0664 permissions is incorrect. Files in /etc/sudoers.d are sensitive and should not be writable by the group or world, as this poses a significant security risk. sudo will ignore files with insecure permissions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the `/etc/sudoers.d` directory?
Open an interactive chat with Bash
Why is setting permissions to `0440` important for files in `/etc/sudoers.d`?
Open an interactive chat with Bash
Why does `sudo` ignore files in `/etc/sudoers.d` with dots in their names?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .