|
Bugzilla – Full Text Bug Listing |
| Summary: | NOPASSWD needs to be in /etc/sudoers.d/ if sudo is a ssh command | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | Ronald Howe <drdhowe> |
| Component: | Documentation | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | ||
| Priority: | high | ||
| Version: | 1.9.5 | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| Attachments: | same as above descrition | ||
Raspberry pi Debian distro comes with builtin superuser pi with nopasswd user spec in /etc/suduers.d/. Users will have laptop etc. and might add a new user to the R-pi with same username so they can ssh and scp without passwords after key exchange. If the user then wants to admin the R-pi without password the pitfall is to run visudo and copy root's spec to make user a superuser and perhaps later add nopasswd: It is quite obscure why <ssh sudo command> then asks for password and the documentation takes a while to read carefully for starters It sounds like there is another rules in your /etc/sudoers file that overrides the: user ALL=(ALL) NOPASSWD: ALL sudo uses the last match, which is probably why adding a file to /etc/sudoers.d/ works for you. |
Created attachment 566 [details] same as above descrition I use the following script to set time/date for pihost which has no RTC #!/bin/bash dt=$(date +%s) ssh pihost sudo date --set=@$dt If pihost has the line - user ALL=(ALL) NOPASSWD: ALL in its /etc/sudoers file, the command sudo date --set=@$dt in the script asks for the password, but the same command at the user's terminal on pihost does not With the same line - user ALL=(ALL) NOPASSWD: ALL in the file - /etc/sudoers.d/012_user-nopasswd the script's "sudo date --set=..." command does not ask for the password and the script sets the time as intended The Sudo and Sudoers manpages need to be amended