[sudo-users] Sudo not asking users' password
Todd C. Miller
Todd.Miller at courtesan.com
Wed Nov 17 18:40:16 EST 2010
In message <4CE40F3B.4080802 at parrot.com>
so spake Fabien Bagard (fabien.bagard):
> I have some trouble with sudo :
> On some servers, sudo grant root privileges to members of group 'sudo'
> without asking them their password.
> The problem is I do not understand why, and how to get the password asked.
> It is not a timeout problem, because even after a long while, or even
> without the /var/rum/sudo/ dir, the problem persists.
It sounds like sudo on those servers was compiled with
exempt_group set to "sudo". Try running the this on
one of the affected servers:
$ sudo sudo -V | grep exempt
If you see something like:
Users in this group are exempt from password and PATH requirements: sudo
then that sudo binary has been compiled such that users in
the sudo group need not enter a password.
You can disable that by adding the following line to sudoers file.
More information about the sudo-users