Sudo won't work without a password

nihilon · 2013-08-06 21:02:44

I want to start by pointing out that I have spent most of today and last night searching the web and these forums for a solution that works. I can't find one. So here it goes...

Problem:
I cannot get the

$ sudo shutdown

command to work without asking for the root password:

$ sudo shutdown
[sudo] password for root:

Here is the unabridged version of my sudoers file:
pastebin: http://pastebin.com/fzhtMcYA

## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias	WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias	ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# 			    /usr/bin/pkill, /usr/bin/top

##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find   
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods.  Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.

Defaults log_output
Defaults!/usr/bin/sudoreplay !log_output
Defaults!/usr/local/bin/sudoreplay !log_output
Defaults!/sbin/reboot !log_output

Defaults rootpw

##
## Runas alias specification
##

##
## User privilege specification
##

root ALL=(ALL) ALL
joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown, /sbin/shutdown

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
%sudo ALL=(ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d

Aside from uncommenting the lines that log the use of sudo and adding the line...

Defaults rootpw

...the only added line is:

joel ALL=(ALL) NOPASSWD: /sbin/shutdown

.

I have tried a number of different versions of this line, including:

joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown, /sbin/shutdown

joel ALL=(ALL) NOPASSWD: /usr/bin/shutdown

joel ALL=NOPASSWD: /usr/bin/shutdown

...and a handful of others that I found in different posts to these forums and elsewhere.

My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.

Does anyone have any ideas about what might be going on? Did I screw something up or have I managed to find the only copy of sudo that doesn't care about sudoers?

jasonwryan · 2013-08-06 21:06:23

nihilon wrote:

My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.

If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).

Trilby · 2013-08-06 21:46:26

Take this with a large grain of salt as it is only brainstorming and I don't know the answer: but does the NOPASSWD option work with symlinks (shutdown -> systemctl)?

EDIT: nevermind - it does.

Last edited by Trilby (2013-08-06 21:47:41)

nihilon · 2013-08-06 22:07:50

jasonwryan wrote:

nihilon wrote:
My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.

If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).

No dice. I received two access denied errors and had to resort to using sudo. Which asked for the root password.

nihilon · 2013-08-06 22:09:08

Trilby wrote:

Take this with a large grain of salt as it is only brainstorming and I don't know the answer: but does the NOPASSWD option work with symlinks (shutdown -> systemctl)?
EDIT: nevermind - it does.

I am glad you were able to figure it out. Because I don't even know what you're talking about.

bleach · 2013-08-06 22:14:50

another thing to try

since it is for joel on any machine it will only work for joel anywere.

sudo shutdown -h now

try rebooting/relogging first

in my experience it needs sudo but will not ask for pass.

Last edited by bleach (2013-08-06 22:16:42)

jasonwryan · 2013-08-06 22:15:58

nihilon wrote:

jasonwryan wrote:
nihilon wrote:
My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.

If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).
No dice. I received two access denied errors and had to resort to using sudo. Which asked for the root password.

Is you session active? This is the correct way to shutdown/reboot under systemd.

nihilon · 2013-08-06 23:05:24

jasonwryan wrote:

Is you session active? This is the correct way to shutdown/reboot under systemd.

How would I determine that? I mean, I am logged in as that user, and I am the only person logged into the machine that I am aware of.

jasonwryan · 2013-08-06 23:16:52

https://wiki.archlinux.org/index.php/Sy … emd-logind

cfr · 2013-08-06 23:22:47

nihilon wrote:

jasonwryan wrote:
Is you session active? This is the correct way to shutdown/reboot under systemd.

How would I determine that? I mean, I am logged in as that user, and I am the only person logged into the machine that I am aware of.

Use jasonwryan's. I posted a command to check the status of the user sessions service, I think.

Last edited by cfr (2013-08-06 23:25:37)

ill · 2013-08-06 23:42:08

nihilon wrote:

jasonwryan wrote:
nihilon wrote:
My goal is to be able to allow myself to shutdown the machine without having to enter a password while logged in as joel, but I do not want this to be the default behavior.

If you have an active logind session and you are the only user logged in, then systemctl poweroff will work (without editing sudoers).
No dice. I received two access denied errors and had to resort to using sudo. Which asked for the root password.

This is a complete guess, but maybe that method won't work if your user isn't in the "power" group.

jasonwryan · 2013-08-06 23:53:38

https://wiki.archlinux.org/index.php/Sy … nformation

bleach · 2013-08-07 00:27:22

it works for me with this

user (host/all)= NOPASSWD: /usr/bin/shutdown

shutdown -h now (halt or off)
shutdown -r now (reboot)
man shutdown

or shutdown and wait

Last edited by bleach (2013-08-07 00:29:13)

nihilon · 2013-08-07 02:10:01

jasonwryan wrote:

Is you session active? This is the correct way to shutdown/reboot under systemd.

Well, don't I feel dumb. After reading a little farther along in the links you sent my way, I came across a reference to something called polkit. So, bit by a curiosity bug, I clicked the link.

Turns out that polkit wasn't installed on my system. I don't know if that is normal or not but there it wasn't. I pacman -Syy'd, installed it, pacman -Syy'd again and tried the command...only to get a whole new set of errors. I rebooted on a hunch and wham! systemctl poweroff now shuts my system down, no questions asked. Thanks for the patience and suggestions. And thanks Jason for pointing me in the right direction. Lesson learned: I am going to scour the documentation first from now on.

As an aside, I really like the fact that Linux won't allow a shutdown without permission unless you're the only one logged onto the system. That's a pretty smart move . But you probably all already know that

Last edited by nihilon (2013-08-07 02:42:36)

Trilby · 2013-08-07 02:12:22

And is X running on tty1?

cfr · 2013-08-07 02:52:59

You should always follow pacman -Syy with pacman -Syu. Moreover, there is really no need to do pacman -Syy at all unless you are having problems with updates.

bleach · 2013-08-07 03:17:08

your edit made responses irelevant why not make a new post or an edit tag.

Arch Linux

#1 2013-08-06 21:02:44

Sudo won't work without a password

#2 2013-08-06 21:06:23

Re: Sudo won't work without a password

#3 2013-08-06 21:46:26

Re: Sudo won't work without a password

#4 2013-08-06 22:07:50

Re: Sudo won't work without a password

#5 2013-08-06 22:09:08

Re: Sudo won't work without a password

#6 2013-08-06 22:14:50

Re: Sudo won't work without a password

#7 2013-08-06 22:15:58

Re: Sudo won't work without a password

#8 2013-08-06 23:05:24

Re: Sudo won't work without a password

#9 2013-08-06 23:16:52

Re: Sudo won't work without a password

#10 2013-08-06 23:22:47

Re: Sudo won't work without a password

#11 2013-08-06 23:42:08

Re: Sudo won't work without a password

#12 2013-08-06 23:53:38

Re: Sudo won't work without a password

#13 2013-08-07 00:27:22

Re: Sudo won't work without a password

#14 2013-08-07 02:10:01

Re: Sudo won't work without a password

#15 2013-08-07 02:12:22

Re: Sudo won't work without a password

#16 2013-08-07 02:52:59

Re: Sudo won't work without a password

#17 2013-08-07 03:17:08

Re: Sudo won't work without a password

Board footer