How is passwordless sudo achieved for the vagrant user?

linux ubuntu sudo vagrant

I am confused. This is /etc/sudoers:

vagrant@ubuntu-xenial:~$ sudo cat /etc/sudoers                                                                                                                                                                      
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

How is passwordless sudo achieved for the vagrant user?

The vagrant user is not even in the sudo group:

vagrant@ubuntu-xenial:~$ id -a
uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant)

And, as expected, adding other users to the sudo group asks me for a password:

user1@ubuntu-xenial:~$ sudo ls
[sudo] password for user1:

Solution 1:

I had the same doubt related to how the vagrant user was able to sudo without being in the "standard" places where we are acquainted to check on CentOS 7.

But on Debian's "bullseye64" box you have the following README at /etc/sudoers.d/README

As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on installation of the package now includes the directive:

#includedir /etc/sudoers.d

This will cause sudo to read and parse any files in the /etc/sudoers.d directory that do not end in ~ or contain a . character.

Note that there must be at least one file in the sudoers.d directory (this one will do), and all files in this directory should be mode 0440.

Note also, that because sudoers contents can vary widely, no attempt is made to add this directive to existing sudoers files on upgrade. Feel free to add the above directive to the end of your /etc/sudoers file to enable this functionality for existing installations if you wish!

Finally, please note that using the visudo command is the recommended way to update sudoers content, since it protects against many failure modes. See the man page for visudo for more information.

Related

Notepad++ - Select all lines from columns
How do I delete unpushed git commits?
What are the -Xms and -Xmx parameters when starting JVM?
jQuery Get Selected Option From Dropdown
How to convert a string to number in TypeScript?
What do these three dots in React do?
SQL Server - Best way to get identity of inserted row?
Get the current year in JavaScript
How to change the order of DataFrame columns?
How can I merge two commits into one if I already started rebase?
jQuery get specific option tag text
What is the use of "assert" in Python?