Question: I wanted to install a package as a local user and use sudo wherever required. To do that, I created an account called ‘stack’ and made the below entry in my /etc/sudoers file.
# User privilege specification root ALL=(ALL:ALL) ALL stack ALL=(ALL) NOPASSWD:ALL
However, when verified through command line using the command sudo -s, it asks for the password as shown below:
stack@cloudsec2:~$ sudo -s [sudo] password for stack:
Please help me, where am I doing wrong?
Solution 1: You should put that line after the line with the rule for the admin group. Because when multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).
So, your sudoers file should look like the below:
# User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL stack ALL=(ALL) NOPASSWD:ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
Solution 2: Rather than moving the line, you can simply remove it and add NOPASSWD to the entry for %sudo as shown below:
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
Note: Make sure your login belongs to the sudo group as shown below:
root@cloudsec2:~# id stack uid=1000(stack) gid=1000(stack) groups=1000(stack),4(adm),27(sudo),
Solution 3: Move your line to a file under /etc/sudoers.d/
visudo -f /etc/sudoers.d/myOverrides
Insert the below line:
stack ALL=(ALL:ALL) NOPASSWD:ALL
Now open /etc/sudoers file and uncomment the below line:
visudo -f /etc/sudoers #includedir /etc/sudoers.d
This is a better approach to edit sudoers.