Allowing a sudo command to run without needing password [duplicate]
I have a NOPASSWD line in /etc/sudoers (edited with visudo)
gatoatigrado ALL=(ALL) NOPASSWD: /bin/set-slow-cpufreq
However, the output is,
gatoatigrado@coral:~> sudo -n /bin/set-slow-cpufreq
sudo: sorry, a password is required to run sudo
This kind of command works on an OpenSuSE machine, but not on Ubuntu 11.10. What am I doing wrong?
Note: I cannot find any relevant system log messages, e.g. via tail -f /var/log/syslog.
edit
Here is /etc/sudoers.
Defaults env_reset
# things I've tried copying from an opensuse machine
Defaults always_set_home
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
root ALL=(ALL:ALL) ALL
gatoatigrado ALL=NOPASSWD: /bin/set-slow-cpufreq
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Solution 1:
You should put that line after the line with the rule for the sudo group, because, as the sudoers man page states:
When multiple entries match for a user, they are applied in order.
Where there are multiple matches, the last match is used (which is not
necessarily the most specific match).
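The last-match rule quoted above can be checked against the sudoers file from the question. The following is an added example, not code from the original posts or from sudo itself: effective_entry is a hypothetical helper implementing a simplified model (one command per entry, no aliases, host and runas ignored), and it assumes the user is a member of the sudo group.

```python
import re

# Simplified model of a sudoers user specification:
#   who host=(runas) [NOPASSWD:|PASSWD:] command
SPEC = re.compile(r"^(?P<who>\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?"
                  r"(?:(?P<tag>NOPASSWD|PASSWD):\s*)?(?P<cmd>\S.*)$")

def effective_entry(sudoers_text, user, groups, command):
    """Return (line_no, line, needs_password) for the LAST matching entry."""
    winner = None
    for n, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who = m["who"]
        who_ok = (who in (user, "ALL")
                  or (who.startswith("%") and who[1:] in groups))
        cmd_ok = m["cmd"].strip() in ("ALL", command)
        if who_ok and cmd_ok:
            # Later matches overwrite earlier ones: last match wins.
            winner = (n, line, m["tag"] != "NOPASSWD")
    return winner

# Entry order as posted in the question (Defaults lines trimmed).
ASKED = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
gatoatigrado ALL=NOPASSWD: /bin/set-slow-cpufreq
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
"""
# Same entries with the user's line moved below the group rules.
FIXED = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
gatoatigrado ALL=NOPASSWD: /bin/set-slow-cpufreq
"""

if __name__ == "__main__":
    for name, text in (("asked", ASKED), ("fixed", FIXED)):
        print(name, effective_entry(text, "gatoatigrado", {"sudo"},
                                    "/bin/set-slow-cpufreq"))
```

The same check works in the other direction when auditing: a broad NOPASSWD entry placed last will override a stricter rule above it.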
Solution 2:
Just ran into this too.
My situation is I'm setting up a remote system that will run headless. I have enabled full disk encryption (otherwise an attacker with physical access can do anything he or she wants). I want to auth with pub key only (I will unset the password so that the "have something, know something" scheme will be a password-protected keypair -- root login is of course disabled entirely).
The Ubuntu installer prompts for a non-root admin user which gets added to the group sudo. I had then manually added myself to the sudoers file using sudo visudo:
my_username ALL=(ALL:ALL) NOPASSWD:ALL
NOTE: if you use nopasswd on your laptop, you must always lock your computer as you walk away, or else a casual attacker can compromise a lot while you're getting up to put cream in your coffee.
I was still having to password authenticate.
enzotib's answer is the key to what's going on. The group sudo shows up in sudoers after the entry for my username.
Rather than moving my entry below the sudo line, I simply removed the line I had previously added and then added NOPASSWD to the entry for %sudo.
That seems to work. Again, only use nopasswd if you really need it (in my case it was precisely what I needed; for most users, requiring a password for sudo activity is best).
Additional WARNING: Always edit sudoers with visudo. (sudo visudo) Also, having another window open switched to the root user allows you to recover any mistakes you might make while changing the sudoers file.