Simpler Navigation coming for Servers and Operating Systems
Coming soon: a much simpler Servers and Operating Systems section of the Community. We will combine many of the older boards, and you won't have to click through so many levels to get at the information you need. If you are looking for an older board and do not find it, check the consolidated boards, as the posts are still there.
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

/etc/sudoers NOPASSWD entry still prompting for password

Tom Wolf_3
Valued Contributor

/etc/sudoers NOPASSWD entry still prompting for password

Hello all.

We're running sudo version 1.6.9p18 on our HP-UX 11.23 ia64 server.

I added the following entry to the end of /etc/sudoers to allow user pfadmin to execute /usr/bin/chmod via sudo without being prompted for a password.

 

pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

Unfortunately, this user is still being prompted.

I tried different variations of the entry as shown below but the user is still being prompted for a password.

Please advise on what the correct entry would be to permit this user to execute the command via sudo with being prompted for a password.

Thanks in advance.

 

-Tom Wolf

 

pfadmin         ALL=(ALL) NOPASSWD:/usr/bin/chmod

pfadmin         ALL=NOPASSWD:/usr/bin/chmod

1 REPLY
Highlighted
Matti_Kurkela
Honored Contributor

Re: /etc/sudoers NOPASSWD entry still prompting for password

> pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

This would allow pfadmin to run the chmod command without a password request *only if sudo'ing to user "SU"* in a system with hostname "HERE", like this:

sudo -u SU chmod 660 /some/thing

 ("SU" might also be a reference to a  Runas_Alias defined earlier in the sudoers file, listing one or more usernames, and HERE might be a reference to a Host_Alias.)

 

If there is an earlier entry in the sudoers file that also matches the command the user is using, and it does not have the NOPASSWD: tag, then sudo might be following that entry instead of the one you've added. In cases like this, the order of sudoers file entries may be important.

 

You can run "sudo -U pfadmin -l" to see a list of all the sudoers file entries applying to the pfadmin user. That could be helpful in troubleshooting, especially if your sudoers file is complex.

MK