[sudo-users] "secondary" group in sudoer
Ryan Anderson
ryan.c.anderson at gmail.com
Fri May 19 07:39:56 MDT 2017
It would seem you need to change the line from this:
admin ALL=(ALL) NOPASSWD:ALL
To this:
%admin ALL=(ALL) NOPASSWD:ALL
On Fri, May 19, 2017 at 7:09 AM sosogh at 126.com <sosogh at 126.com> wrote:
> Hi list
>
>
> I am using CentOS release 6.9 (Final), and using Sudo version 1.8.6p3.
> My accout is sosogh , and it is in "admin" group.
> I have set admin ALL=(ALL) NOPASSWD:ALL.
> But it keeps asking me password when executing sudo.
>
>
> [sosogh at ip-172-31-129-86 ~]$ sudo whoami
> [sudo] password for sosogh:
>
>
> And ideas?
> Thank you !
>
>
>
>
>
>
> [sosogh at ip-172-31-129-86 ~]$ id
> uid=503(sosogh) gid=503(sosogh)
> groups=503(sosogh),4(adm),10(wheel),500(centos),504(admin)
>
>
>
>
> [root at ip-172-31-129-86 ~]# ls -al /etc/sudoers.d/sosogh
> -r--r----- 1 root root 29 May 19 06:55 /etc/sudoers.d/sosogh
>
>
>
>
> [root at ip-172-31-129-86 ~]# cat /etc/sudoers.d/sosogh
> admin ALL=(ALL) NOPASSWD:ALL
>
>
>
>
> [root at ip-172-31-129-86 ~]# cat /etc/sudoers
> Defaults requiretty
> Defaults !visiblepw
> Defaults always_set_home
> Defaults env_reset
> Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR
> LS_COLORS"
> Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
> LC_CTYPE"
> Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
> LC_MESSAGES"
> Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
> LC_TELEPHONE"
> Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
> XAUTHORITY"
> Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
> root ALL=(ALL) ALL
> #includedir /etc/sudoers.d
>
>
>
>
>
>
>
>
> [root at ip-172-31-129-86 ~]# sudo -V
> Sudo version 1.8.6p3
> Configure options: --build=x86_64-redhat-linux-gnu
> --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu
> --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
> --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
> --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec
> --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man
> --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin
> --libdir=/usr/lib64 --docdir=/usr/share/doc/sudo-1.8.6p3
> --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login
> --with-editor=/bin/vi --with-env-editor --with-ignore-dot
> --with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf
> --with-selinux --with-passprompt=[sudo] password for %p:
> --with-linux-audit --with-sssd
> Sudoers policy plugin version 1.8.6p3
> Sudoers file grammar version 42
>
>
> Sudoers path: /etc/sudoers
> nsswitch path: /etc/nsswitch.conf
> ldap.conf path: /etc/sudo-ldap.conf
> ldap.secret path: /etc/ldap.secret
> Authentication methods: 'pam'
> Syslog facility if syslog is being used for logging: authpriv
> Syslog priority to use when user authenticates successfully: notice
> Syslog priority to use when user authenticates unsuccessfully: alert
> Ignore '.' in $PATH
> Send mail if the user is not in sudoers
> Use a separate timestamp for each user/tty combo
> Lecture user the first time they run sudo
> Require users to authenticate by default
> Root may run sudo
> Always set $HOME to the target user's home directory
> Allow some information gathering to give useful error messages
> Only allow the user to run sudo if they have a tty
> Visudo will honor the EDITOR environment variable
> Set the LOGNAME and USER environment variables
> Length at which to wrap log file lines (0 for no wrap): 80
> Authentication timestamp timeout: 5.0 minutes
> Password prompt timeout: 5.0 minutes
> Number of tries to enter a password: 3
> Umask to use or 0777 to use user's: 022
> Path to mail program: /usr/sbin/sendmail
> Flags for mail program: -t
> Address to send mail to: root
> Subject line for mail messages: *** SECURITY information for %h ***
> Incorrect password message: Sorry, try again.
> Path to authentication timestamp dir: /var/db/sudo
> Default password prompt: [sudo] password for %p:
> Default user to run commands as: root
> Value to override user's $PATH with: /sbin:/bin:/usr/sbin:/usr/bin
> Path to the editor for use by visudo: /bin/vi
> When to require a password for 'list' pseudocommand: any
> When to require a password for 'verify' pseudocommand: all
> File descriptors >= 3 will be closed before executing a command
> Reset the environment to a default set of variables
> Environment variables to check for sanity:
> TZ
> TERM
> LINGUAS
> LC_*
> LANGUAGE
> LANG
> COLORTERM
> Environment variables to remove:
> RUBYOPT
> RUBYLIB
> PYTHONUSERBASE
> PYTHONINSPECT
> PYTHONPATH
> PYTHONHOME
> TMPPREFIX
> ZDOTDIR
> READNULLCMD
> NULLCMD
> FPATH
> PERL5DB
> PERL5OPT
> PERL5LIB
> PERLLIB
> PERLIO_DEBUG
> JAVA_TOOL_OPTIONS
> SHELLOPTS
> GLOBIGNORE
> PS4
> BASH_ENV
> ENV
> TERMCAP
> TERMPATH
> TERMINFO_DIRS
> TERMINFO
> _RLD*
> LD_*
> PATH_LOCALE
> NLSPATH
> HOSTALIASES
> RES_OPTIONS
> LOCALDOMAIN
> CDPATH
> IFS
> Environment variables to preserve:
> XAUTHORITY
> _XKB_CHARSET
> LINGUAS
> LANGUAGE
> LC_ALL
> LC_TIME
> LC_TELEPHONE
> LC_PAPER
> LC_NUMERIC
> LC_NAME
> LC_MONETARY
> LC_MESSAGES
> LC_MEASUREMENT
> LC_IDENTIFICATION
> LC_COLLATE
> LC_CTYPE
> LC_ADDRESS
> LANG
> USERNAME
> QTDIR
> PS2
> PS1
> MAIL
> LS_COLORS
> KDEDIR
> INPUTRC
> HISTSIZE
> HOSTNAME
> DISPLAY
> COLORS
> Locale to use while parsing sudoers: C
> Compress I/O logs using zlib
> Directory in which to store input/output logs: /var/log/sudo-io
> File in which to store the input/output log: %{seq}
> Add an entry to the utmp/utmpx file when allocating a pty
> Don't pre-resolve all group names
> PAM service name to use
> PAM service name to use for login shells
>
>
> Local IP address and netmask pairs:
> 172.31.129.86/255.255.240.0
> fe80::1012:eaff:fe16:18d8/ffff:ffff:ffff:ffff::
>
>
> Sudoers I/O plugin version 1.8.6p3
>
>
> sosogh at 126.com
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> https://www.sudo.ws/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list