When you use sudo to run a command that is not found on the OS, sudo will ask for a password even if you have configured NOPASSWD for this user.
I observe this issue below:
abc@ubuntu:~$ sudo - i
[sudo] password for abc:
sudo: -: command not found
abc@ubuntu:~$ sudo -i
root@ubuntu:~#
The sudo command seems to fail with the error "command not found"; however, on the next sudo attempt with the correct option, it got a root login, but this time it didn't ask for a password. Why this strange behavior?
I am asking this question from a security point of view. Notice that after "command not found" the user is still "abc", which may not be an admin. He/She can get "root" privileges without even knowing the sudo password by simply issuing "sudo -i" within 15 minutes (cached password time).
In the first case, the shell thinks that there is a command after sudo that you are trying to run, "-". Because there is no such command, the shell tells you that the command was not found. When running a command preceded by sudo, by default, it will ask for your password.
In the second case, the shell recognizes that you are running the sudo command with the -i option. The password is not asked for again because you just typed it correctly when you tried to run the first command (by default it caches credentials for 15 minutes).
Why is a password still required when NOPASSWD is configured
When you use sudo to run a command that is not found on the OS, sudo will ask for a password even if you have configured NOPASSWD for this user.
For example, suppose /etc/sudoers.d/01-user contains:
user ALL=(ALL) NOPASSWD: /sbin/multipath, /usr/sbin/upadmin
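If huawei path is not installed on the current OS and only multipath is installed,
then
sudo multipath -ll runs normally
sudo upadmin show path cannot run, and instead asks for the user's password (NOPASSWD no longer takes effect)
How to configure the sudo file correctly
How to configure the config files living in sudoers.d:
1. Commands must always be given as absolute paths
2. Command arguments may use *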
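A way to check a sudoers.d fragment against the two rules above and against the missing-binary case (upadmin not installed). This is an added example, not part of the original notes; the function name audit_nopasswd and the scratch paths in the demo are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit NOPASSWD command specs.
# audit_nopasswd FILE prints "STATUS<TAB>spec" for each command after NOPASSWD:
#   OK        absolute path that exists and is executable
#   MISSING   absolute path with no executable file there (the upadmin case)
#   RELATIVE  not an absolute path (breaks rule 1)
#   WILDCARD  arguments contain '*' (rule 2); in sudoers '*' also matches
#             spaces, so review what extra arguments the pattern admits
# Simplification: ignores aliases, line continuations and escaped commas.
audit_nopasswd() {
    grep -v '^[[:space:]]*#' "$1" |
    sed -n 's/.*NOPASSWD:[[:space:]]*//p' |
    tr ',' '\n' |
    while read -r path args; do
        [ -n "$path" ] || continue
        spec="$path${args:+ $args}"
        case "$path" in
            /*) ;;
            *)  printf 'RELATIVE\t%s\n' "$spec"; continue ;;
        esac
        if [ ! -f "$path" ] || [ ! -x "$path" ]; then
            printf 'MISSING\t%s\n' "$spec"; continue
        fi
        case "$args" in
            *'*'*) printf 'WILDCARD\t%s\n' "$spec" ;;
            *)     printf 'OK\t%s\n' "$spec" ;;
        esac
    done
}

# Constructed demo: a scratch tree where multipath exists and upadmin does not,
# mirroring the situation described above. All paths here are made up.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/sbin" "$demo_root/usr/sbin"
printf '#!/bin/sh\nexit 0\n' > "$demo_root/sbin/multipath"
chmod +x "$demo_root/sbin/multipath"
cat > "$demo_root/01-user" <<EOF
# constructed sample fragment
user ALL=(ALL) NOPASSWD: $demo_root/sbin/multipath, $demo_root/usr/sbin/upadmin
user ALL=(ALL) NOPASSWD: multipath -ll, $demo_root/sbin/multipath -l *
EOF
audit_nopasswd "$demo_root/01-user"
```

Run it as root against the real fragment, because the -x test is evaluated for the calling user. Syntax itself is checked separately with visudo -cf FILE.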