Adding NOPASSWD in /etc/sudoers doesn't work

It is the sequence/ordering of the rules that caused this. The last rule takes preference.

In order to fix your problem, simply move your lines,

fizzbuzz  ALL=NOPASSWD: ALL
chadmin   ALL=NOPASSWD: ALL

from the sudoers file to

sudo visudo -f /etc/sudoers.d/myOverrides

This is better approach than editing the sudoers file with a plain text editor. If you accidentally insert errors into the file, you may not longer be able to run sudo. Always use visudo, so that the syntax is checked and you receive warnings about mistakes!

Your directive doesn't work because it is overridden by:

%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL

If you run the groups command you should see that your user belongs to these groups.

If myuser is in the sudo group, then this order of the lines won't provide passwordless access (as noted by Florian Diesch), because the 3rd line overrides the 1st one.

myuser    ALL=(www-data:www-data) NOPASSWD: ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

So just put the lines into this order:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
myuser    ALL=(www-data:www-data) NOPASSWD: ALL

Under myuser account use sudo -l to check what permissions myuser has.

If multiple entries match for a user the last one is used. So if fizzbuzz and chadmin are members of the groups admin or sudo they will be still asked for a password.

Put the two lines at the end of the sudoers file after the #includedir line.

Adding NOPASSWD in /etc/sudoers doesn't work

Tags:

Sudo

Root

Password

Related

Recent Posts