so i have the following line in sudoers but it’s still asking for a password in the terminal:
spaceboy ALL=(ALL) NOPASSWD: ALL
Suggestions?
I edited the file using sudo visudo
It needs to be:
spaceboy ALL=(ALL:ALL) NOPASSWD: ALL
You may need a logout/login or even a reboot.
I was just testing this for another topic, and no logout/reboot was needed for this change. For a group membership change, though, that is necessary.
But a direct modification to sudoers takes effect immediately (in my testing, I changed an existing entry to remove the NOPASSWD: directive, and on my next sudo, I was prompted for a password).
Still not working after a reboot, with the sudoers entry now showing:
spaceboy ALL=(ALL:ALL) NOPASSWD: ALL
Also, the string you used initially does match (save the username) what I use on one of my test systems. That should work fine. The only difference between the two us the first ALL value means “run as any user” and the second is “run as any group”. If you’re switching to root, the group won’t matter.
Try running:
sudo -ll visudo
(or any command other than visudo) and report back what it shows.
Are you on Leap or Tumbleweed ?
Is this a recent install?
Could it be hat SElinux is involved?
Sudoers entry: /usr/etc/sudoers.d/50-wheel-auth-self
RunAsUsers: root
Commands:
ALL
Matched: /usr/sbin/visudo
neither, slowroll
Just to confirm, run whoami.
It seems the username isn’t matching for some reason.
I don’t think that’s likely, but I didn’t test with SELinux enabled. I’d expect some other sort of error on the sudo -ll command if that were the case because it wouldn’t be able to access anything.
visudo would report a syntax error in the file and prevent it from being saved if it were syntax in the file itself.
@spaceboy, maybe a silly question, but where did you add the line in the sudoers file? At the end, after the @includedir statement(s)? If you did, try moving it above those drop-in files inclusions.
Slowroll doesn’t have the sudoers file in /etc, but has it in /usr/etc/ which belongs to a package and should not be changed.
The whoami is a good one. First I see spaceboy as the user, now jc, confusing.
I’d have to check, but I don’t think slowroll’s visudo edits what’s in /usr/etc - since it’s the same package as from Tumbleweed, and the TW version doesn’t do that.
But the inclusion of /usr/etc/sudoers.d/* would only happen if it was reading the sudoers file from somewhere (which could be either /etc or /usr/etc, that’s true). But visudo also doesn’t edit files under the sudoers.d directories either, AFAIK, only the main sudoers file.
I think we need more information about what files are being read and modified, specifically.
It’s already above
Could I do sudo nano filename to be sure which file is being edited rather than visudo
That’s for packagers to use, not system admins, only place for admins is drop-in files in /etc/sudoers.d/
Edit: Add Ref https://en.opensuse.org/openSUSE:Packaging_UsrEtc#sudo
1 Like
spaceboy@localhost:~> whoami
spaceboy
As said before, Slowroll is basically a slower rolling TW, So what applies to TW also applies to Slowroll. Not even visudo should edit files in /usr/etc. This:
spaceboy ALL=(ALL:ALL) NOPASSWD: ALL
should work to have no password
spaceboy ALL=(ALL:ALL) ALL
should work with the user password
and **not **having the overrule in a file in /etc/sudoers.d/ should work with the root password
1 Like
Yes. But the match that he’s seeing is coming from a file in that setup - since he’s only using visudo, it won’t be touching anything there.
But the match he’s seeing is coming from that directory.
I think we need to see your sudoers file, in its entirety. Shouldn’t be any sensitive info in there. Do sudo cat /etc/sudoers | susepaste and share the URL you get back here (that’ll put the file on paste.opensuse.org).
You can, but it won’t have the syntax checked to ensure it’s a valid configuration file.
OK, not sure what the issue was. KVM User Session disappeared, so i had to import old disk image and now after updating and doing sudo visudo, it doesn’t ask for password.
Not working again after doing a zypper update:
As I recall, with Slowroll, you should be using zypper dup, not zypper update. Can you confirm what you did?