NOPASSWD requires a password the first time

Todd C. Miller Todd.Miller at
Mon Feb 2 13:57:52 EST 2004

In message <20040202060400.A5437 at>
	so spake Frank Cusack (fcusack):

> Figured it out... I also have a netgroup rule, which allows all commands,
> but requires a password.  This user happens to be in that netgroup.  For
> this application, it's not a problem to remove that user from the netgroup.
> I swear I was commenting that rule out during testing, but I guess not.
> Anyway, this is still a minor bug, don't you think?  

Not really.  Sudo takes the last match for a command, and the sudoers
entry that matched requires a password.  In general, you want to
oder sudoers entries with the most general ones at the top and the
most specific towards the end.

 - todd

More information about the sudo-workers mailing list