[CentOS] using NOPASSWD in sudoers

Ski Dawg centos at skidawg.org
Sat Sep 20 14:28:25 UTC 2008


On Fri, Sep 19, 2008 at 9:40 AM, ankush grover <ankushcentos at gmail.com> wrote:
> On Thu, Sep 18, 2008 at 11:19 PM, Ski Dawg <centos at skidawg.org> wrote:
>> Hello Everyone,
>>
>> # User alias specification
>> User_Alias  FULLACCESS = doug, scott
>>
>> # members of the FULLACCESS User_Alias may run chown and chmod without
>> a password
>>  FULLACCESS ALL = (root) NOPASSWD: /bin/chown, /bin/chmod
>>
>> # members of the FULLACCESS User_Alias may run anything but need a password
>>  FULLACCESS  ALL=(root) ALL
>
> Can you remove (root) and then try for NOPASSWD

Thanks for the reply. I finally figured it out later.

What I eneded up having to do is place the NOPASSWD line AFTER the
password required line, like:
# members of the FULLACCESS User_Alias may run anything but need a password
  FULLACCESS  ALL=(ALL) ALL

# members of the FULLACCESS User_Alias may run chown and chmod without
a password
  FULLACCESS ALL = NOPASSWD: /bin/chown, /bin/chmod

I found something somewhere, don't remember where though, that stated
that sudoers worked down the entire file, and the following line would
overwrite the access, thus requiring a password when the line were
switched.

Another thing that got me for a little bit, when using visudo to edit
the sudoers file, it is actually just editing a tmp file, so to
completely write your changes to /etc/sudoers, you have to actually
quit visudo, just like when editing cron.

Thanks again for your reply.
-- 
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Never trust a computer you can't throw out a window.
 -- Steve Wozniak


More information about the CentOS mailing list