I am trying to setup my server so that I can restart Apache as userx without having to enter a sudo password. However when I logon as userx and run sudo /usr/sbin/service apache2 restart it asks me for a password. What have I got wrong?
Below is the content of my sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
userx ALL=(root) NOPASSWD: /usr/sbin/service apache2 restart
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Let me add back in my edit where I point out what the answer was and explain where I found the solution in case other people stubmle across this.
Turns out that userx was a member of the admin group and the %admin group entry was overwriting the settings. Moving the userx line below the %admin line solved the problem.
This answer also helped How to run a specific program as root without a password prompt?
/usr/sbin/service apache2 restartwithin double quotes – Chirag Bhatia - chirag64 Apr 24 '14 at 09:29