Selectively enable sudo without password

Asked Dec 10 '21 at 19:36

Active Dec 10 '21 at 19:57

Viewed 46 times

It is working well, or should I say too well.

I have a couple of users, say userA and userB, who have been added to the sudo group.

sudo usermod -aG sudo userA
sudo usermod -aG sudo userB

I did sudo visudo and I added the following line at the bottom (i.e. the very last line):
userA ALL=(ALL) NOPASSWD: ALL

However, I am finding that sudo without password is enabled for both userA and userB.

Question: How can I enable sudo without password for userA, but not userB?

edited Dec 10 '21 at 19:57

asked Dec 10 '21 at 19:36

Sandeep

1

Post your /etc/sudoers and any file you changed in /etc/sudoers.d. Presumably you added NOPASSWD: to another line. Note that if multiple rules apply, the last one counts. – Gilles 'SO- stop being evil' Dec 10 '21 at 19:52
does the rule defining %sudo (i.e. the rule for members of group sudo) also have NOPASSWD? or do you have a line with Defaults exempt_group=sudo? You added both users to the sudo group, and (from man sudoers) "Users in this group are exempt from password and PATH requirements." – cas Dec 11 '21 at 05:02

0 Answers0