[sudo-users] "secondary" group in sudoer

sosogh at 126.com sosogh at 126.com
Fri May 19 03:48:52 MDT 2017


Hi list


I am using CentOS release 6.9 (Final), and using Sudo version 1.8.6p3.
My accout is sosogh , and it is in  "admin" group.
I have set admin ALL=(ALL) NOPASSWD:ALL.
But it keeps asking me password when executing sudo.


[sosogh at ip-172-31-129-86 ~]$ sudo whoami
[sudo] password for sosogh: 


And ideas?
Thank you !






[sosogh at ip-172-31-129-86 ~]$ id
uid=503(sosogh) gid=503(sosogh) groups=503(sosogh),4(adm),10(wheel),500(centos),504(admin)




[root at ip-172-31-129-86 ~]# ls -al /etc/sudoers.d/sosogh
-r--r----- 1 root root 29 May 19 06:55 /etc/sudoers.d/sosogh




[root at ip-172-31-129-86 ~]# cat  /etc/sudoers.d/sosogh
admin ALL=(ALL) NOPASSWD:ALL




[root at ip-172-31-129-86 ~]# cat  /etc/sudoers
Defaults    requiretty
Defaults   !visiblepw
Defaults    always_set_home
Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root    ALL=(ALL)       ALL
#includedir /etc/sudoers.d








[root at ip-172-31-129-86 ~]# sudo -V
Sudo version 1.8.6p3
Configure options: --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib64 --docdir=/usr/share/doc/sudo-1.8.6p3 --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf --with-selinux --with-passprompt=[sudo] password for %p:  --with-linux-audit --with-sssd
Sudoers policy plugin version 1.8.6p3
Sudoers file grammar version 42


Sudoers path: /etc/sudoers
nsswitch path: /etc/nsswitch.conf
ldap.conf path: /etc/sudo-ldap.conf
ldap.secret path: /etc/ldap.secret
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Ignore '.' in $PATH
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Always set $HOME to the target user's home directory
Allow some information gathering to give useful error messages
Only allow the user to run sudo if they have a tty
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5.0 minutes
Password prompt timeout: 5.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/db/sudo
Default password prompt: [sudo] password for %p: 
Default user to run commands as: root
Value to override user's $PATH with: /sbin:/bin:/usr/sbin:/usr/bin
Path to the editor for use by visudo: /bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
        TZ
        TERM
        LINGUAS
        LC_*
        LANGUAGE
        LANG
        COLORTERM
Environment variables to remove:
        RUBYOPT
        RUBYLIB
        PYTHONUSERBASE
        PYTHONINSPECT
        PYTHONPATH
        PYTHONHOME
        TMPPREFIX
        ZDOTDIR
        READNULLCMD
        NULLCMD
        FPATH
        PERL5DB
        PERL5OPT
        PERL5LIB
        PERLLIB
        PERLIO_DEBUG 
        JAVA_TOOL_OPTIONS
        SHELLOPTS
        GLOBIGNORE
        PS4
        BASH_ENV
        ENV
        TERMCAP
        TERMPATH
        TERMINFO_DIRS
        TERMINFO
        _RLD*
        LD_*
        PATH_LOCALE
        NLSPATH
        HOSTALIASES
        RES_OPTIONS
        LOCALDOMAIN
        CDPATH
        IFS
Environment variables to preserve:
        XAUTHORITY
        _XKB_CHARSET
        LINGUAS
        LANGUAGE
        LC_ALL
        LC_TIME
        LC_TELEPHONE
        LC_PAPER
        LC_NUMERIC
        LC_NAME
        LC_MONETARY
        LC_MESSAGES
        LC_MEASUREMENT
        LC_IDENTIFICATION
        LC_COLLATE
        LC_CTYPE
        LC_ADDRESS
        LANG
        USERNAME
        QTDIR
        PS2
        PS1
        MAIL
        LS_COLORS
        KDEDIR
        INPUTRC
        HISTSIZE
        HOSTNAME
        DISPLAY
        COLORS
Locale to use while parsing sudoers: C
Compress I/O logs using zlib
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
Don't pre-resolve all group names
PAM service name to use
PAM service name to use for login shells


Local IP address and netmask pairs:
        172.31.129.86/255.255.240.0
        fe80::1012:eaff:fe16:18d8/ffff:ffff:ffff:ffff::


Sudoers I/O plugin version 1.8.6p3
 
 
sosogh at 126.com


More information about the sudo-users mailing list