Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

/etc/sudoers NOPASSWD entry still prompting for password

Highlighted
Tom Wolf_3
Valued Contributor

/etc/sudoers NOPASSWD entry still prompting for password

Hello all.

We're running sudo version 1.6.9p18 on our HP-UX 11.23 ia64 server.

I added the following entry to the end of /etc/sudoers to allow user pfadmin to execute /usr/bin/chmod via sudo without being prompted for a password.

 

pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

Unfortunately, this user is still being prompted.

I tried different variations of the entry as shown below but the user is still being prompted for a password.

Please advise on what the correct entry would be to permit this user to execute the command via sudo with being prompted for a password.

Thanks in advance.

 

-Tom Wolf

 

pfadmin         ALL=(ALL) NOPASSWD:/usr/bin/chmod

pfadmin         ALL=NOPASSWD:/usr/bin/chmod

1 REPLY
Matti_Kurkela
Honored Contributor

Re: /etc/sudoers NOPASSWD entry still prompting for password

> pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

This would allow pfadmin to run the chmod command without a password request *only if sudo'ing to user "SU"* in a system with hostname "HERE", like this:

sudo -u SU chmod 660 /some/thing

 ("SU" might also be a reference to a  Runas_Alias defined earlier in the sudoers file, listing one or more usernames, and HERE might be a reference to a Host_Alias.)

 

If there is an earlier entry in the sudoers file that also matches the command the user is using, and it does not have the NOPASSWD: tag, then sudo might be following that entry instead of the one you've added. In cases like this, the order of sudoers file entries may be important.

 

You can run "sudo -U pfadmin -l" to see a list of all the sudoers file entries applying to the pfadmin user. That could be helpful in troubleshooting, especially if your sudoers file is complex.

MK