[sudo-users] NOPASSWD: fails when using -i option

Marcel Kuiper sudo at mknet.nl
Tue Jul 3 05:34:06 EDT 2012


I have the following in my sudoers to run a shell script as some other account:

%mygrp ALL=(otheruser) NOPASSWD:  /path/to/script.sh

This works fine if I run:

sudo -u otheruser /path/to/script.sh

However, if I add the -i option to the command, sudo will ask for my
password. I can see with debugging turned on that the command now is
/bin/sh instead of /path/to/script.sh, and indeed if I set /bin/sh as the
command in sudoers it will work without having to enter a password.
However, this allows me to execute all commands with the -i option, not
just the specific script.

Is it intentional that with the -i option the command checked is the
user's shell instead of the command in sudoers? If so, what is the
reasoning behind that?
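
The workaround mentioned in the message, listing /bin/sh as the sudoers command, permits every command rather than the one script. As an added example (not part of the original post and not sudo's own code), the check below flags sudoers rules that list a shell; the shell list, the simplified rule grammar and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: shells to flag; extend with the host's own /etc/shells entries.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/ksh", "/bin/zsh", "/bin/csh"}

# Simplified user spec: who host = [(runas)] [TAG:] cmd [, [TAG:] cmd ...]
# Not handled: line continuations, alias expansion, #include files.
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<rest>.+)$")
RUNAS = re.compile(r"^\((?P<runas>[^)]*)\)\s*")
TAG = re.compile(r"^(?P<tag>[A-Z_]+)\s*:\s*")

def shell_grants(sudoers_text):
    """Return (line, who, runas, shell, nopasswd) for rules that list a shell."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        if line.split()[0].endswith("_Alias"):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        runas, nopasswd = "root", False
        # Split on commas that are not inside a (runas, list).
        for item in re.split(r",(?![^()]*\))", m.group("rest")):
            item = item.strip()
            r = RUNAS.match(item)
            if r:
                runas, item = r.group("runas"), item[r.end():]
            # Tags persist for the following commands until overridden.
            while (t := TAG.match(item)):
                if t.group("tag") in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group("tag") == "NOPASSWD"
                item = item[t.end():]
            cmd = item.split()[0] if item else ""
            if cmd in SHELLS:
                findings.append((lineno, m.group("who"), runas, cmd, nopasswd))
    return findings

# Constructed sample; the first rule is the one from the message.
SAMPLE = """\
%mygrp ALL=(otheruser) NOPASSWD:  /path/to/script.sh
%mygrp ALL=(otheruser) NOPASSWD:  /path/to/script.sh, /bin/sh
%ops   ALL=(root) /usr/bin/systemctl status *, PASSWD: /bin/bash
"""

if __name__ == "__main__":
    for f in shell_grants(SAMPLE):
        print("line %d: %s may run %s as %s (NOPASSWD=%s)" % f)
```

A finding with NOPASSWD set is the case the message warns about: the group can start a shell as the target account without a password, so the script-only restriction no longer holds.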



