Re: /etc/sudoers NOPASSWD entry still prompting for password (432 Views)
Reply
Regular Advisor
Tom Wolf_3
Posts: 232
Registered: ‎03-11-2005
Message 1 of 2 (460 Views)

/etc/sudoers NOPASSWD entry still prompting for password

Hello all.

We're running sudo version 1.6.9p18 on our HP-UX 11.23 ia64 server.

I added the following entry to the end of /etc/sudoers to allow user pfadmin to execute /usr/bin/chmod via sudo without being prompted for a password.

 

pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

Unfortunately, this user is still being prompted.

I tried different variations of the entry as shown below but the user is still being prompted for a password.

Please advise on what the correct entry would be to permit this user to execute the command via sudo with being prompted for a password.

Thanks in advance.

 

-Tom Wolf

 

pfadmin         ALL=(ALL) NOPASSWD:/usr/bin/chmod

pfadmin         ALL=NOPASSWD:/usr/bin/chmod

Please use plain text.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 2 of 2 (432 Views)

Re: /etc/sudoers NOPASSWD entry still prompting for password

> pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

This would allow pfadmin to run the chmod command without a password request *only if sudo'ing to user "SU"* in a system with hostname "HERE", like this:

sudo -u SU chmod 660 /some/thing

 ("SU" might also be a reference to a  Runas_Alias defined earlier in the sudoers file, listing one or more usernames, and HERE might be a reference to a Host_Alias.)

 

If there is an earlier entry in the sudoers file that also matches the command the user is using, and it does not have the NOPASSWD: tag, then sudo might be following that entry instead of the one you've added. In cases like this, the order of sudoers file entries may be important.

 

You can run "sudo -U pfadmin -l" to see a list of all the sudoers file entries applying to the pfadmin user. That could be helpful in troubleshooting, especially if your sudoers file is complex.

MK
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation