[sudo-users] Sudo not asking users' password

Todd C. Miller Todd.Miller at courtesan.com
Wed Nov 17 18:40:16 EST 2010

In message <4CE40F3B.4080802 at parrot.com>
	so spake Fabien Bagard (fabien.bagard):

> I have some trouble with sudo :
> On some servers, sudo grant root privileges to members of group 'sudo' 
> without asking them their password.
> The problem is I do not understand why, and how to get the password asked.
> It is not a timeout problem, because even after a long while, or even 
> without the /var/rum/sudo/ dir, the problem persists.

It sounds like sudo on those servers was compiled with
exempt_group set to "sudo".  Try running the this on
one of the affected servers:

$ sudo sudo -V | grep exempt

If you see something like:

Users in this group are exempt from password and PATH requirements: sudo

then that sudo binary has been compiled such that users in
the sudo group need not enter a password.

You can disable that by adding the following line to sudoers file.

    Defaults !exempt_group

 - todd

More information about the sudo-users mailing list