[sudo-users] sudo -i doesn't respect NOPASSWD?

Sébastien Luttringer seblu at seblu.net
Tue Sep 17 04:14:28 MDT 2013

On Mon, Sep 9, 2013 at 9:36 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> On Mon, 09 Sep 2013 20:04:17 +0200, =?UTF-8?Q?S=C3=A9bastien_Luttringer?= wrote
> :
>> # cat /etc/sudoers.d/81-seblu-id
>> seblu ALL=(root) NOPASSWD: /usr/bin/id
>> Is there any special option to have NOPASSWD working with -i? Or is it a bug?
> When you use the -i flag you are wrapping the command inside a
> shell.  The actual command that gets run is probably something like:
>     /bin/sh -c id
> or:
>     /bin/bash -c id
> depending on what root's shell is.  Check your logs to see what is
> actuallyl being denied.

My log was empty because I SIGINT the process as it asks me password
(and it should not). But if I enter 3 bad passwords I got the
following line.

sept. 17 12:00:49 rwolf sudo[21136]: seblu : 3 incorrect password
attempts ; TTY=pts/8 ; PWD=/home/seblu ; USER=root ; COMMAND=/bin/zsh
-c pacman -Sy

So, it's exactly what you are saying. Thanks!

Sébastien "Seblu" Luttringer
GPG: 0x2072D77A

More information about the sudo-users mailing list