Adding NOPASSWD in /etc/sudoers doesn't work
It is the sequence/ordering of the rules that caused this. The last rule takes preference.
In order to fix your problem, simply move your lines,
fizzbuzz ALL=NOPASSWD: ALL
chadmin ALL=NOPASSWD: ALL
from the sudoers
file to
sudo visudo -f /etc/sudoers.d/myOverrides
This is better approach than editing the sudoers
file with a plain text editor. If you accidentally insert errors into the file, you may not longer be able to run sudo
. Always use visudo
, so that the syntax is checked and you receive warnings about mistakes!
Your directive doesn't work because it is overridden by:
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
If you run the groups
command you should see that your user belongs to these groups.
If myuser is in the sudo group, then this order of the lines won't provide passwordless access (as noted by Florian Diesch), because the 3rd line overrides the 1st one.
myuser ALL=(www-data:www-data) NOPASSWD: ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
So just put the lines into this order:
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
myuser ALL=(www-data:www-data) NOPASSWD: ALL
Under myuser account use sudo -l
to check what permissions myuser has.
If multiple entries match for a user the last one is used. So if fizzbuzz
and chadmin
are members of the groups admin
or sudo
they will be still asked for a password.
Put the two lines at the end of the sudoers
file after the #includedir
line.