Subject: Re: sudo doesn't ask for password
To: None <>
From: mortee <>
List: tech-security
Date: 10/19/2007 15:13:44
Quentin Garnier wrote:
>> $ sudo -l
>> User morton may run the following commands on this host:
>>     (ALL) ALL
>>     (%morton) NOPASSWD: ALL
>>     (root) NOPASSWD: /usr/pkg/sbin/smartctl -A /dev/wd?d
>> $ sudo -k
>> $ sudo ls
>> .Xauthority
>> .bittorrent
>> ...

> Well, the second line in sudo -l output means you don't have to type
> your password when you belong to group "morton".  I don't see how any
> update would have changed anything there.

I guess that means that I, as user morton can execute anything without a
password when changing my UID to anyone that is the member of group
morton (me => %morton). So if I want to change to root (me => root),
which isn't in group morton, then I'd have to type my password.

Now I reverted to the previous sudo version, and haven't changed
anything else, and it asks for the password again, as expected.

I guess I'll check out what happens with the new version if I comment
out the line in sudoers regardig the group morton. I don't expect that
to solve my problem, as it's supposed to apply to something else than I
have problem with.