I have two users on my system: itsadok, my main user, and elasticsearch, a user with a different ulimit for running ElasticSearch.
I would like to be able to run stuff as the secondary user without being prompted for password every time.
I added the following line to /etc/sudoers:
itsadok ALL=(elasticsearch:elasticsearch) NOPASSWD: ALL
The way I understand it, this should allow the user itsadok, on any host, to run any command as (user or group) elasticsearch without a password. However, trying something like
itsadok@dev001$ sudo -u elasticsearch ls
prompts me for a password. Restarting the machine did not help.
What am I doing wrong?
UPDATE:
It turns our that the order of lines in sudoers is significant. I placed the line under "User privilege specification" which sounded like the right place, but the line for the %admin group that comes later was overriding the setting.
Putting the same line at the end of the sudoers file fixed the issue.
Best Answer
Revised answer from comments: If you place directives below
#includedir, they are ignored. Move the line next to thesudooradmingroup definitions, or place it in separate file in/etc/sudoers.d/.