diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index 82a8a12ee70e0..750273d7998bd 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
@@ -91,6 +91,12 @@ SHELL ["/bin/bash", "-c"]
 RUN apt-get update && apt-get install --yes ca-certificates
 
 COPY files /
+# We used to copy /etc/sudoers.d/* in from files/ but this causes issues with
+# permissions and layer caching. Instead, create the file directly.
+RUN mkdir -p /etc/sudoers.d && \
+    echo 'coder ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/nopasswd && \
+	chmod 750 /etc/sudoers.d/ && \
+	chmod 640 /etc/sudoers.d/nopasswd
 
 # Install packages from apt repositories
 ARG DEBIAN_FRONTEND="noninteractive"
diff --git a/dogfood/files/etc/sudoers.d/nopasswd b/dogfood/files/etc/sudoers.d/nopasswd
deleted file mode 100644
index 416d0811fcf40..0000000000000
--- a/dogfood/files/etc/sudoers.d/nopasswd
+++ /dev/null
@@ -1,2 +0,0 @@
-# Allow the Coder user to execute sudo without a password
-coder ALL=(ALL) NOPASSWD:ALL