sudoers file change not working?

Question

I'm in Ubuntu 18.04LTS and I want to change the sudoers file to execute sudo shutdown -h now without the need of password (for my_username). The steps I take were:

With my user my_username open terminal:

sudo visudo

The line I added:

my_username ALL=(ALL) NOPASSWD: /sbin/shutdown

Where there is only one tab in the first part (between user and ALL) and the rest are spaces. The user is the one it appears after id in terminal. After that, just in case I restart the system, and type sudo shutdown -h now but it keeps asking for password.

What I'm doing wrong?

-----EDIT------

Ok, I didn't know that the order in which you add the lines were important, so as asked I added my full file (it's a very simple sudoers config).

#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
my_username ALL=(ALL) NOPASSWD: /sbin/shutdown
#includedir /etc/sudoers.d

This way it works perfectly for me. The problem was that I added the line after root line.

Where is your shutdown binary located? Try command -v shutdown in a shell. — Wieland, May 25 '20 at 11:14
this line my_username ALL=(ALL) NOPASSWD: /sbin/shutdown should be after username ALL=(ALL) ALL. — binarysta, May 25 '20 at 11:18
Oh, so I have to add first my_username ALL=(ALL) ALL in one line and in the next line my_username ALL=(ALL) NOPASSWD: /sbin/shutdown ? — Aurelie Navir, May 25 '20 at 11:22
I added the answer, yes, but if you could provide this config section of your sudoers file in your question, we can help more efficiently. — binarysta, May 25 '20 at 11:27

score 3 · Accepted Answer · answered May 25 '20 at 11:25

in sudoers man page (man 5 sudoers) has been mentioned

When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).

So no matter if your config is specific.

Also consider if you have sudoers group ( like wheel in Red Hat based distros) the line

%wheel ALL=(ALL) ALL should be before NOPASSWD

Kusalananda · Answer 2 · 2020-05-25T11:58:08.900

1

The configuration

my_username ALL=(ALL) NOPASSWD: /sbin/shutdown

allows the user my_username to run /sbin/shutdown with or without arguments and without giving a password, but they must use /sbin/shutdown, not just shutdown (as what executable is picked up would depend on the $PATH).

edited May 25 '20 at 11:58

answered May 25 '20 at 11:40

Kusalananda

333,661

sudoers file change not working?

2 Answers2

Linked

Related