[sudo-users] sudo -i doesn't respect NOPASSWD?

Todd C. Miller Todd.Miller at courtesan.com
Mon Sep 9 13:36:45 MDT 2013

On Mon, 09 Sep 2013 20:04:17 +0200, =?UTF-8?Q?S=C3=A9bastien_Luttringer?= wrote

> # cat /etc/sudoers.d/81-seblu-id
> seblu ALL=(root) NOPASSWD: /usr/bin/id
> Is there any special option to have NOPASSWD working with -i? Or is it a bug?

When you use the -i flag you are wrapping the command inside a
shell.  The actual command that gets run is probably something like:

    /bin/sh -c id


    /bin/bash -c id

depending on what root's shell is.  Check your logs to see what is
actuallyl being denied.

 - todd

More information about the sudo-users mailing list