10-29-2013 11:49 AM
We're running sudo version 1.6.9p18 on our HP-UX 11.23 ia64 server.
I added the following entry to the end of /etc/sudoers to allow user pfadmin to execute /usr/bin/chmod via sudo without being prompted for a password.
pfadmin HERE=(SU) NOPASSWD:/usr/bin/chmod
Unfortunately, this user is still being prompted.
I tried different variations of the entry as shown below but the user is still being prompted for a password.
Please advise on what the correct entry would be to permit this user to execute the command via sudo with being prompted for a password.
Thanks in advance.
pfadmin ALL=(ALL) NOPASSWD:/usr/bin/chmod
10-30-2013 01:38 AM
> pfadmin HERE=(SU) NOPASSWD:/usr/bin/chmod
This would allow pfadmin to run the chmod command without a password request *only if sudo'ing to user "SU"* in a system with hostname "HERE", like this:
sudo -u SU chmod 660 /some/thing
("SU" might also be a reference to a Runas_Alias defined earlier in the sudoers file, listing one or more usernames, and HERE might be a reference to a Host_Alias.)
If there is an earlier entry in the sudoers file that also matches the command the user is using, and it does not have the NOPASSWD: tag, then sudo might be following that entry instead of the one you've added. In cases like this, the order of sudoers file entries may be important.
You can run "sudo -U pfadmin -l" to see a list of all the sudoers file entries applying to the pfadmin user. That could be helpful in troubleshooting, especially if your sudoers file is complex.