Selectively enable sudo without password

Question

On my Ubuntu system I followed the instructions for enabling sudo without a password.

It is working well, or should I say too well.

I have a couple of users, say userA and userB, who have been added to the sudo group.

sudo usermod -aG sudo userA
sudo usermod -aG sudo userB

I did sudo visudo and I added the following line at the bottom (i.e. the very last line):
userA ALL=(ALL) NOPASSWD: ALL

However, I am finding that sudo without password is enabled for both userA and userB.

Question: How can I enable sudo without password for userA, but not userB?

Does this answer your question? Enable passwordless sudo as a specific user — cocomac, Dec 10 '21 at 20:10

score 0 · Answer 1 · answered Dec 10 '21 at 20:22

If, as you have done, the users are in the sudo group, they'll match the more general %sudo pattern in the sudoers file, and never see the UserA or UserB lines.

If you want fine-grained control, remove both UserA and UserB from the sudo group.

sudo deluser --system UserA sudo
sudo deluser --system UserB sudo

Read man sudoers deluser.

Selectively enable sudo without password

1 Answers1