Sudo with NOPASSWD and service restart [duplicate]

Question

I have an /etc/sudoers with the following:

glens   ALL=NOPASSWD:/usr/sbin/service php5-fpm
glens   ALL=(ALL:ALL) ALL

And I'm trying to run the command:

sudo /usr/sbin/service php5-fpm restart

However, I'm still prompted for my password.

This AskUbuntu question/answer suggests I have the correct syntax, but I'm still prompted.

Lambert · Accepted Answer · 2015-11-30 15:23:31Z

22

The NOPASSWD entry should be placed beneath the other line:

glens   ALL=(ALL:ALL) ALL    
glens   ALL=NOPASSWD:/usr/sbin/service php5-fpm

From the manual (man sudoers):

When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).

Therefore your order of NOPASSWD being first will be overridden by the second line (ALL=(ALL:ALL) ALL).

edited Nov 30, 2015 at 15:23

answered Nov 30, 2015 at 15:15

Lambert

12.8k2 gold badges28 silver badges35 bronze badges

I see in the manpage that this is true, changing the order doesn't seem to have any effect on being prompted for a password.

Glen Solsberry
– Glen Solsberry

2015-11-30 15:47:15 +00:00
Commented Nov 30, 2015 at 15:47
5

You need a * at the end of the nopasswd sudoers entry to allow sudo to match 'restart'

Jeff Schaller
– Jeff Schaller ♦

2015-11-30 18:37:11 +00:00
Commented Nov 30, 2015 at 18:37
3

Or the full command glens ALL=NOPASSWD:/usr/sbin/service php5-fpm restart

Yu Jiaao
– Yu Jiaao

2017-06-14 04:24:07 +00:00
Commented Jun 14, 2017 at 4:24

Add a comment |

Stack Exchange Network

Sudo with NOPASSWD and service restart [duplicate]

1 Answer 1

Linked

Hot Network Questions

Sudo with NOPASSWD and service restart [duplicate]

1 Answer 1

Linked

Related

Hot Network Questions