Operating System - HP-UX
1748252 Members
3934 Online
108760 Solutions
New Discussion

/etc/sudoers NOPASSWD entry still prompting for password

 
Tom Wolf_3
Valued Contributor

/etc/sudoers NOPASSWD entry still prompting for password

Hello all.

We're running sudo version 1.6.9p18 on our HP-UX 11.23 ia64 server.

I added the following entry to the end of /etc/sudoers to allow user pfadmin to execute /usr/bin/chmod via sudo without being prompted for a password.

 

pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

Unfortunately, this user is still being prompted.

I tried different variations of the entry as shown below but the user is still being prompted for a password.

Please advise on what the correct entry would be to permit this user to execute the command via sudo with being prompted for a password.

Thanks in advance.

 

-Tom Wolf

 

pfadmin         ALL=(ALL) NOPASSWD:/usr/bin/chmod

pfadmin         ALL=NOPASSWD:/usr/bin/chmod

1 REPLY 1
Matti_Kurkela
Honored Contributor

Re: /etc/sudoers NOPASSWD entry still prompting for password

> pfadmin         HERE=(SU) NOPASSWD:/usr/bin/chmod

 

This would allow pfadmin to run the chmod command without a password request *only if sudo'ing to user "SU"* in a system with hostname "HERE", like this:

sudo -u SU chmod 660 /some/thing

 ("SU" might also be a reference to a  Runas_Alias defined earlier in the sudoers file, listing one or more usernames, and HERE might be a reference to a Host_Alias.)

 

If there is an earlier entry in the sudoers file that also matches the command the user is using, and it does not have the NOPASSWD: tag, then sudo might be following that entry instead of the one you've added. In cases like this, the order of sudoers file entries may be important.

 

You can run "sudo -U pfadmin -l" to see a list of all the sudoers file entries applying to the pfadmin user. That could be helpful in troubleshooting, especially if your sudoers file is complex.

MK