Summary

/hipchat-scm/chef-repo/cookbooks/sudo/templates/default/sudoers.erb doesn't have a new line at EOF. Since it ends with #includedir /etc/sudoers.d28995, this last line will be ignored until a new line is added.

Steps to Reproduce

Without the new line at the end:

The last #includedir /etc/sudoers.d28995 is ignored:

# visudo -c -f /etc/sudoers
/etc/sudoers: parsed OK

With the new line at the end:

The last #includedir /etc/sudoers.d28995 is counted and the directory is parsed:

# visudo -c -f /etc/sudoers
/etc/sudoers: parsed OK
/etc/sudoers.d28995/hipchat: parsed OK

Expected Results

All sudoers files created under /etc/sudoers.d28995/ will be parsed

Actual Results

sudoers files created under /etc/sudoers.d28995/ are ignored

Suggested solution:

Change sudoers.erb to end in a new line.
Additionally, we're including the directory /etc/sudoers.d28995 while it doesn't exist. Though, we do have /etc/sudoers.d and I think we should be including that one:

# ll /etc/sudoers.d
total 8
-r--r----- 1 root root 178 Dec 19 13:51 90-cloud-init-users
-r--r----- 1 root root 958 Feb 10  2014 README

Workaround

1. Upload the attached add_sudoers_new_line to /home/admin/startup_scripts
2. Make it executable

   chmod +x /home/admin/startup_scripts/add_sudoers_new_line
   

3. Run it manually, it will add a new line at the end of /etc/sudoers

   /home/admin/startup_scripts/add_sudoers_new_line
   

4. By placing add_sudoers_new_line under /home/admin/startup_scripts/, it will run with every upgrade, Chef run or server reboot. Thus, your change will persist.