Cannot find information on on certain features in MAN which in fact exist

shurkin18

Hi,

This is not the first example where I can find answers on the web, but unable to find anything within MAN pages. I am doing some practice labs and one of them had a task:
Create a user account XXXXXX with the password XXXXXX. Modify the sudo configuration to let the candidate account access root privileges with no password prompt.

I was able to determine how to make user a sudo by using man pages/example of how root account is setup in the sudoers file, but to actually give the account a privilege for no password prompt I had to google

Just a little details, so it is more understandable on what I am talking about:
1) To give user a sudo privilege, you have to use visudo to add an entry to /etc/sudoers.tmp file: username ALL=(ALL:ALL) ALL
2) To give a username a privilege to run sudo commands without a password you have to similarly add an entry to the same file: username ALL=(ALL) NOPASSWD: ALL

I understand that no Linux admin would want to give someone no password prompt privilege lol, but still, how was I suppose to find out about the NOPASSWD "feature" that I can use inside the /etc/sudoers.tmp file?

This is not the first issue I had with this, I do not recall other cases, but it certainly happened before where I would find answers in the course lab answers or on the web without any information in the MAN page or the --help or --usage

Anybody has any insight on this?

coop

It is discussed in "man sudoers" but not in "man sudo". (you should always do something like "man -k sudo" to see a number of relevant man pages. Also occasionally distributions don't follow man pages. Just the way it is in the Linux multi-culture.

You should not be editing sudoers.tmp directly. Also for individual users, I would recommend never touching /etc/sudoers, but doing something like "visudo /etc/sudoers.d/student" (or any other user) as sudo reads all files in that directory, and when you upgrade sudo itself you won't have problems because you updated a config file used by all users.

Yes, NOPASSWD, is a rotten security practice. On the other hand, I use it all the time for pedagogical urposes only.
"