Bugzilla – Bug 901
sudo -v does not honor NOPASSWD anymore
Last modified: 2019-10-16 08:30:25 MDT
Hi, I just upgraded from sudo 1.8.27 to 1.8.28. If the sudoers file contains this line: %root ALL=(ALL) NOPASSWD: ALL With 1.8.27, it had the result of skipping the password prompt for “sudo -v”. With 1.8.28, it doesn’t anymore (“sudo -v” asks for the password). Is the change intended? Thanks.
Confirming this behaviour on Arch Linux after 1.8.28 upgrade. As a possible temporary workaround, setting "Defaults verifypw=any" option brings back things to normal. I have the same question though whether the change was intended. The man page says: === By default, if the NOPASSWD tag is applied to any of a user's entries for the current host, the user will be able to run “sudo -l” without a password. Additionally, a user may only run “sudo -v” without a password if all of the user's entries for the current host have the NOPASSWD tag. This behavior may be overridden via the verifypw and listpw options. === Since there's only one user entry in my configuration, I'd say it contradicts to what the man page says, and thus the behaviour change is erroneous.
This is fallout from the fix to Bug #869.
Created attachment 529 [details] Fix for bug #901
Now committed as https://www.sudo.ws/repos/sudo/rev/aac35bcd8584
Fixed in 1.8.28p1, out now.