Bugzilla – Bug 1024
NOPASSWD needs to be in /etc/sudoers.d/ if sudo is a ssh command
Last modified: 2022-10-23 09:17:36 MDT
Created attachment 566 [details] same as above descrition I use the following script to set time/date for pihost which has no RTC #!/bin/bash dt=$(date +%s) ssh pihost sudo date --set=@$dt If pihost has the line - user ALL=(ALL) NOPASSWD: ALL in its /etc/sudoers file, the command sudo date --set=@$dt in the script asks for the password, but the same command at the user's terminal on pihost does not With the same line - user ALL=(ALL) NOPASSWD: ALL in the file - /etc/sudoers.d/012_user-nopasswd the script's "sudo date --set=..." command does not ask for the password and the script sets the time as intended The Sudo and Sudoers manpages need to be amended
Raspberry pi Debian distro comes with builtin superuser pi with nopasswd user spec in /etc/suduers.d/. Users will have laptop etc. and might add a new user to the R-pi with same username so they can ssh and scp without passwords after key exchange. If the user then wants to admin the R-pi without password the pitfall is to run visudo and copy root's spec to make user a superuser and perhaps later add nopasswd: It is quite obscure why <ssh sudo command> then asks for password and the documentation takes a while to read carefully for starters
It sounds like there is another rules in your /etc/sudoers file that overrides the: user ALL=(ALL) NOPASSWD: ALL sudo uses the last match, which is probably why adding a file to /etc/sudoers.d/ works for you.