NOPASSWD requires a password the first time
Todd C. Miller
Todd.Miller at courtesan.com
Mon Feb 2 13:57:52 EST 2004
In message <20040202060400.A5437 at google.com>
so spake Frank Cusack (fcusack):
> Figured it out... I also have a netgroup rule, which allows all commands,
> but requires a password. This user happens to be in that netgroup. For
> this application, it's not a problem to remove that user from the netgroup.
> I swear I was commenting that rule out during testing, but I guess not.
> Anyway, this is still a minor bug, don't you think?
Not really. Sudo takes the last match for a command, and the sudoers
entry that matched requires a password. In general, you want to
oder sudoers entries with the most general ones at the top and the
most specific towards the end.
More information about the sudo-workers