Sudo with NOPASSWD and service restart

Question

I have an /etc/sudoers with the following:

glens   ALL=NOPASSWD:/usr/sbin/service php5-fpm
glens   ALL=(ALL:ALL) ALL

And I'm trying to run the command:

sudo /usr/sbin/service php5-fpm restart

However, I'm still prompted for my password.

This AskUbuntu question/answer suggests I have the correct syntax, but I'm still prompted.

Lambert · Accepted Answer · 2015-11-30T15:23:31.603

22

The NOPASSWD entry should be placed beneath the other line:

glens   ALL=(ALL:ALL) ALL    
glens   ALL=NOPASSWD:/usr/sbin/service php5-fpm

From the manual (man sudoers):

When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).

Therefore your order of NOPASSWD being first will be overridden by the second line (ALL=(ALL:ALL) ALL).

edited Nov 30 '15 at 15:23

answered Nov 30 '15 at 15:15

Lambert

12,680

I see in the manpage that this is true, changing the order doesn't seem to have any effect on being prompted for a password. – Glen Solsberry Nov 30 '15 at 15:47
5

You need a * at the end of the nopasswd sudoers entry to allow sudo to match 'restart' – Jeff Schaller Nov 30 '15 at 18:37
3

Or the full command glens ALL=NOPASSWD:/usr/sbin/service php5-fpm restart – Yu Jiaao Jun 14 '17 at 04:24

Sudo with NOPASSWD and service restart

1 Answers1

Linked