Change in sudoers does not take effect. Ubuntu 16.10 fresh install + one line.

Question

Trying to remove password on sudo. My current sudoers file:

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"


root    ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL


vidar ALL=(ALL) NOPASSWD: ALL

I quit, open new terminal (or even reboot), but password is still required for sudo. User is member of sudo group.

What can possibly be happening?

score 4 · Answer 1 · answered Feb 24 '17 at 23:12

4

You don't have to reboot for the change to take effect.

You are missing the :ALL part of the entry.

Change from:

vidar ALL=(ALL) NOPASSWD: ALL

change to:

vidar ALL=(ALL:ALL) NOPASSWD: ALL

answered Feb 24 '17 at 23:12

L. D. James

25,036

It's now working fine with the attached sudoers file . Probably human error of some kind. – Vidar Feb 25 '17 at 05:48

score 3 · Answer 2 · answered Nov 28 '19 at 11:47

3

The order of the entries in the sudoers file is important. You should also check the directory /etc/sudoers.d, because entries on this directory may be overwriting what you trying to do on sudoers.

You can also check the /etc/sudoers.d/README for more information.

answered Nov 28 '19 at 11:47

Eduardo

131

What do you mean by 'The order of entries is important'? What needs to be done to achieve what OP wants? – Marc Vanhoomissen Nov 28 '19 at 12:36
2

@MarcVanhoomissen if you have the same entry for an user, the last one will take effect. So, it is necessary to check all the content of sudoers file to see if there are no duplicates. Also, it is necessary to check /etc/sudoers.d/ to see if there are no entries there. – Eduardo Nov 28 '19 at 13:27

score 1 · Answer 3 · answered Aug 09 '23 at 14:16

Just to elaborate on and complement the answer provided by @Eduardo , the order of the entries in the sudoers file is important not only because of possible duplicate entries, but also for group rules that a later group rule may overwrite any previous rules specified for users that belong to the group.

For example, a sudoers file like this

# User privilege specification                                                    
root    ALL=(ALL:ALL) ALL                                                         
userX   ALL=(ALL:ALL) NOPASSWD: ALL
Members of the admin  group may gain root privileges
%admin ALL=(ALL) ALL
Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

may have problems when userX belongs to either admin or sudo group, as the NOPASSWD: rule will be overwritten by rules applied to the admin and/or sudo groups, thus your NOPASSWD: rule will be lost.

So it's safer to put individual user rules in the sudoers.d directory since those will be loaded later than the default group rules.

score 0 · Answer 4 · edited Jul 17 '23 at 10:54

0

I had similar problem. Adding my changes in /etc/sudoers.d/anotherfile made it work.

visusdo will open /etc/sudoers for editing but in my case i also added /etc/sudoers.d/anotherfile as the changes in sudoers file were not enabled.

edited Jul 17 '23 at 10:54

Community

1

answered Apr 16 '23 at 19:56

FredyK

101

What changes? This is not a complete answer. – David Apr 17 '23 at 07:31

Change in sudoers does not take effect. Ubuntu 16.10 fresh install + one line.

4 Answers4

Members of the admin group may gain root privileges

Allow members of group sudo to execute any command

Linked