Adding NOPASSWD in /etc/sudoers doesn't work

root password sudo

On 14.04 here. I SSHed into my machine, added the following line to /etc/sudoers:

myuser   ALL=NOPASSWD: ALL

And then tried running:

sudo mkdir /etc/blah

...and I'm being asked for my password. Why?!?

I do not want to be asked for my password when doing this operation. Please note that when I run ls -ltr / I get:

drwxr-xr-x 94 root root  4096 Jul 30 13:28 etc

But I don't think this matters because I've set myself up as a "sudoer", right?

More importantly, what do I need to do so that I can run sudo mkdir /etc/blah as my current user (myuser) without being asked for the password?

Here's my entire /etc/sudoers file:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root      ALL=(ALL:ALL) ALL
fizzbuzz  ALL=NOPASSWD: ALL
chadmin   ALL=NOPASSWD: ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

Solution 1:

It is the sequence/ordering of the rules that caused this. The last rule takes preference.

In order to fix your problem, simply move your lines,

fizzbuzz  ALL=NOPASSWD: ALL
chadmin   ALL=NOPASSWD: ALL

from the sudoers file to 

sudo visudo -f /etc/sudoers.d/myOverrides

This is better approach than editing the sudoers file with a plain text editor. If you accidentally insert errors into the file, you may not longer be able to run sudo. Always use visudo, so that the syntax is checked and you receive warnings about mistakes!

Your directive doesn't work because it is overridden by:

%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL

If you run the groups command you should see that your user belongs to these groups.

Solution 2:

If myuser is in the sudo group, then this order of the lines won't provide passwordless access (as noted by Florian Diesch), because the 3rd line overrides the 1st one.

myuser    ALL=(www-data:www-data) NOPASSWD: ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

So just put the lines into this order:

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
myuser    ALL=(www-data:www-data) NOPASSWD: ALL

Under myuser account use sudo -l to check what permissions myuser has.

Related

Ubuntu 16.04 command line sendmail installation hanged
node: command not found
How do I install and get started with vim/vi?
Updating golang on Ubuntu
How do I measure the size of an area? [duplicate]
What are the risks of NOT using a firewall (home computer)?
Why does `type which` say that `which is hashed`?
How to set wifi driver settings to prefer 5 GHz channel above 2.4 GHz
How do I move clock to the right end of GNOME 3 Panel from the middle?
Error while unzipping: need PK compat. v5.1 (can do v4.6)
Must copy and rename file
How do I know the device path to an USB-stick?