Ubuntu – Sudoers file, enable NOPASSWD for user, all commands

Preface

This is a fairly complex question related to the Sudoers file and the sudo command in general.

NOTE: I have made these changes on a dedicated machine running Ubuntu Desktop 13.04, that I use purely for learning purposes. I understand it's a huge security risk to enable NOPASSWD sudo.

Question

Initially, my only change to the sudoers file (/etc/sudoers) was one line, a user specification that should have enabled 'nicholsonjf' to run all commands with sudo without having to enter a password (see the line that starts with 'nicholsonjf'):

# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
nicholsonjf    ALL=NOPASSWD: ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

However, this did not work, and I was still prompted for my password every time I ran a command as 'nicholsonjf'. I was only able to start running sudo commands as 'nicholsonjf' once I removed 'nicholsonjf' from the sudo and admin groups.

Can anyone explain why this worked?

Is it because the user 'nicholsonjf' was inheriting sudo rights from the two group specifications of 'admin' and 'sudo' (seen below in the sudoers file), which were overriding the 'nicholsonjf' user specification because they were further down in the config file?