I'm encountering an issue with root privilege assignment to a non-wheel group in my Red Hat Enterprise Linux system. Specifically, I'm trying to grant passwordless sudo access to a custom group named 'adminteam', but users in this group are still prompted for a password.
I've attempted to configure this in two ways:
- Directly adding the rule to /etc/sudoers.
- Creating a separate configuration file /etc/sudoers.d/adminteam.
In both scenarios, the result is the same: individual user entries with NOPASSWD: ALL work as expected, but the group rule does not.
Here's a breakdown of the issue:
- Expected Behavior: Users in the 'adminteam' group (or any non-wheel group) with NOPASSWD: ALL in /etc/sudoers or /etc/sudoers.d/adminteam should be able to execute sudo commands without a password prompt.
- Actual Behavior: Users in the 'adminteam' group are still prompted for a password.
- Working Scenario: Individual user entries with NOPASSWD: ALL function correctly.
Here's a simplified example of my configuration (both in /etc/sudoers and /etc/sudoers.d/adminteam):
# Example sudoers entry
%adminteam ALL=(ALL) NOPASSWD: ALL
myuser ALL=(ALL) NOPASSWD: ALL
In this example, myuser can execute sudo commands without a password, but users within the adminteam group still require a password.
I've verified that the users are indeed members of the 'adminteam' group.
My questions are:
- Is there a known difference in how sudo handles non-wheel groups compared to the 'wheel' group, or individual users?
- Are there specific considerations for using /etc/sudoers.d/ for group configurations?
- Is there a potential conflict between rules in /etc/sudoers and /etc/sudoers.d/?
- Is this the expected behavior?
- Is this a bug?
