diff --git a/sudo.spec b/sudo.spec
index 969380e3b4787f83dc05af01b27f18ccc9950b1d..f7d3469204233c2e032c7df15e11766927e7e0ad 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,6 +1,6 @@
 Name: sudo
 Version: 1.8.27
-Release: 4
+Release: 4.h1
 Summary: Allows restricted root access for specified users
 License: ISC
 URL: http://www.courtesan.com/sudo/
@@ -149,6 +149,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
 %exclude %{_pkgdocdir}/ChangeLog
 
 %changelog
+* Fri Apr 17 2020 Anakin Zhang <nbztx@126.com> - 1.8.27-4.h1
+- Read drop-in files from /etc/sudoers.d
+
 * Mon Jan 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-4
 - fix CVE-2019-19232 and CVE-2019-19234
 
diff --git a/sudoers b/sudoers
index ceda3fda2ba780d78509dc132b03ede7e8f89f6f..8926b0e234f4a9985c56c5983c642d87e12d130a 100644
--- a/sudoers
+++ b/sudoers
@@ -38,3 +38,6 @@ root	ALL=(ALL) 	ALL
 
 ## Allows people in group wheel to run all commands
 %wheel	ALL=(ALL)	ALL
+
+## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+#includedir /etc/sudoers.d