1

I did not notice it but it has been quite a while since I entered the password for using sudo priviledges.

Here is my /etc/sudoers file:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
%jupiter ALL=NOPASSWD: /usr/lib/jupiter/scripts/bluetooth, /usr/lib/jupiter/scripts/camera, /usr/lib/jupiter/scripts/cpu-control, /usr/lib/jupiter/scripts/resolutions, /usr/lib/jupiter/scripts/rotate, /usr/lib/jupiter/scripts/touchpad, /usr/lib/jupiter/scripts/vga-out, /usr/lib/jupiter/scripts/wifi

This worries me because any script can now run without me having to enter the password.

I have seen the following questions, but they seem unrelated to this post:

How do I make sudo always prompt me for a password(expept for the timeout duration given in /etc/sudoers file?

P.S.: I have some aliases set in my .bash_aliases that have commands using sudo, but I hope that is unrelated to the password prompt, or is it?

Community
  • 1
jobin
  • 27,708
  • you need to be more concrete on your question. Is it that you want to use sudo without password for your user only? Or you just want to keep the use of sudo with password and only few scripts running without password? :) –  Sep 24 '13 at 14:57

2 Answers2

2

Your last line is the culprit. I do not know why, maybe it's a bug or I do not know all Linux rules.

You should consider these lines:

# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.

So remove the last line and put it in /etc/sudoers.d/sudo-jupiter. Now revert back permissions on /etc/sudoers to u-x and restart the system.

Necktwi
  • 1,057
1

I found that installing grizzly openstack using devstack using the on Ubuntu 12.10 created a file /etc/sudoers.d/50_stack_sh whose contents are as follows:

jobin ALL=(root) NOPASSWD:ALL
Defaults:jobin secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin

This removed the prompt for password for all commands and I could run these commands as root and thus I was never prompted for a password.

To solve this, I deleted the /etc/sudoers.d/50_stack_sh file(I did not need openstack anymore). For those who need openstack and a password prompt too, change the contents of the file /etc/sudoers.d/50_stack_sh to:

<username> ALL=(root) ALL
Defaults:<username> secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin

Replacing <username> by the username of the account where password prompt is needed.

This answer was based on user neckTwi's answer and a question on Unix and Linux regarding the syntax of /etc/sudoers file.

N.B.: I have raised a question on ask.openstack.org asking for clarification about the method mentioned above, hope we get an answer soon :)

Community
  • 1
jobin
  • 27,708
  • why are you again prompting password for the defaults when it is already that way? Any of our answers are not working for me now :| – Necktwi Jan 27 '16 at 05:58