as suggested here, I checked my /etc/sudoers on the staging server looks like this:
root@lc-blogs-stage:~# cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
I changed the permissions of the sudoers.d folder to 0440
now it looks like this:
dr–r----- 2 root root 4096 Aug 27 00:52 sudoers.d/
and the files inside that folder look like this
Last login: Sat Aug 27 11:36:23 2016 from 86.179.185.201
root@lc-blogs-stage:~# ll /etc/sudoers.d/
total 20
dr–r----- 2 root root 4096 Aug 27 00:52 ./
drwxr-xr-x 103 root root 4096 Aug 27 11:35 …/
-r–r----- 1 root root 119 Aug 26 19:22 90-cloud-init-users
-r–r----- 1 root root 958 Mar 30 19:57 README
-r–r----- 1 root root 210 Aug 27 00:52 web-services